Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer won't Boot


  • Please log in to reply
19 replies to this topic

#1 Bulldog

Bulldog

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 09 December 2004 - 02:08 PM

This morning I went to launch a radio player and i couldn't. It kept saying Explorer error. I have had a pestscan preformed on-line before and it help identify problems and it helped alot, so i went and had a scan done. it showed i had an unknown backdoor trojan and about 9 or so other nasties that my norton, spybot, adaware all missed. so i downloaded the trial pest patrol and i found about 80-90 problems that had gone overlooked including 2nd thought but of course you cant delete. I had heard on your fourms before about a panda scan so I went and tried to scan it online and had the same errors. but i went to download the evaluation version and it let me. so i shut down to reboot and run the scan and now i cant re boot. it gets to my desktop and thats it it wont show any icons or the windows tool bar. i can access thru safemode and actually ran a hijack this scan but i couldn't see anything suspicious but i'm definantly not an expert. i can't figure out how to get it frrom my notepad to a document to give to you guys.


please help thanks.

by the way i on a diffrent computer because i can't access the internet.

Edited by Bulldog, 09 December 2004 - 02:38 PM.

bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

BC AdBot (Login to Remove)

 


m

#2 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 09 December 2004 - 04:48 PM

i got my computer to reboot fine. here is my hi-jack this log

ogfile of HijackThis v1.98.2
Scan saved at 3:48:18 PM, on 12/9/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\system32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\UPS\UOWS\ShipUps.exe
c:\ups\uows\upslnkmg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kciconstruction.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://65.40.185.126//WebDvr3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KCIConstruction.com

any help is appreciated.

i ran register mechanic it said i had 1 custom control 15 shared programs some ad/remove programs and about 100 or so register key problems. :thumbsup:
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:35 PM

Posted 16 December 2004 - 05:00 PM

Hi if you are still having a problem:

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log

#4 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 17 December 2004 - 11:16 AM

Logfile of HijackThis v1.99.0
Scan saved at 10:05:00 AM, on 12/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\system32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\unzipped\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kciconstruction.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://65.40.185.126//WebDvr3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dcfssvc - Eastman Kodak Company - C:\WINNT\system32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I ran a scan it says I have the following:

Backweb Lite and Back web- Downloaders
2nd Thought - Adware
Key Snatch - Key Logger
BonziBuddy - Spyware

I've ran Adware SE, Spybot, and System Security Suite.

Can Hijack this help remove these items. Thanks for the response.
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:35 PM

Posted 17 December 2004 - 03:44 PM

Log looks clean to me...what online scan did you use>?

#6 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 17 December 2004 - 04:52 PM

I used e-trust pest Scan by Pest Patrol. it give locations as follows:

For both Backweb Mostly in C:\Program Files\kodak\kodak software updater

then it varies after that, the second Backweb has 2 hkey_local_machine \software\

then they both vary.

For the 2ndthought it gives the following only:

C:\Program Files\ common files\slmss

For the Key Snatch:

hkey_local_machine \software\classes\interface

With varying numbers that follow but also very similar

For the BonziBuddy:

hkey_local_machine \software\classes\threed,ssribbon\curve

then it also varies with about 70 entries.

Maybe this would help. I really hate to get in my Registry. But since it gives the location It's tempting.

The Bonzi Buddy Spyware says it will retrieve the Software ClickTillUWin

It says it requires about 27000 of KB.

Please Help. Thank you.
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:35 PM

Posted 17 December 2004 - 05:11 PM

You are telling me that you are getting a message on your screen about bonzai buddy?

#8 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 19 December 2004 - 11:10 AM

No all the above information came from the pest patrol scan including the additional info about the Bonzi Buddy Spyware.

Would you suggest I go into the regestry since I have what I would need to delete or is there a removal tool you would suggest.
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:35 PM

Posted 19 December 2004 - 12:48 PM

This is what I would suggest. Delete the quarantines and backups within ad-aware and spybot. Then run pestpatrol again and see if it finds anything. PestPatrol is known for finding false positives.

#10 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 19 December 2004 - 01:38 PM

Deleted Spybot and adware Quarintines. Still the same scam results.

The Backweb They say comes with software so the manufacture can automaticly update the software.

The 2nd thought is just one file but the Bonzi Buddy is knid of scarey. I've seen some posts in B.C. regarding the ClickTillUWin problem that the one I'm The most concerned about.

I'm just puzzled. :thumbsup:
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:35 PM

Posted 19 December 2004 - 02:20 PM

I am not much concerned with the backweb stuff...you can leave that alone.

Post the exact results again please...i still think these are not anything to worry about

#12 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 20 December 2004 - 04:22 PM

The exact posting for 2nd Thought:

Kill these running processes with Task Manager:
bhp.exe
c:\spedia\spedia.exe
f3bd79dd80edcf0497b3bd7081eb34a4.exe
profilepath+\local settings\temp\temporary internet files\content.ie5\ghijklmn\install033[2].exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\loader[1].exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\stc[1].exe
profilepath+\locals~1\temp\randreco.exe
profilepath+\locals~1\temp\temporary internet files\content.ie5\ghijklmn\install033[2].exe
programfilesdir+\addestroyer\addestroyer.exe
programfilesdir+\clearsearch\csaolldr.exe
programfilesdir+\common files\slmss\slmss.exe
programfilesdir+\stc\bdl14108.exe
programfilesdir+\stc\bookedspace.exe
programfilesdir+\stc\bundleouter2601031121.exe
programfilesdir+\stc\csv5p070.exe
programfilesdir+\stc\fpn16100.exe
programfilesdir+\stc\qoologic.exe
programfilesdir+\stc\s_win32.exe
programfilesdir+\stc\slmss.exe
programfilesdir+\stc\sq_3394_3222.exesqinstaller.exe
programfilesdir+\stc\stc.exe
programfilesdir+\stc\tvmedia.exe
programfilesdir+\vbouncer\addestroyerinner.exe
systemroot+\bokja.exe
systemroot+\stcloader.exe
systemroot+\system\stcloader.exe
systemroot+\system32\automove.exe
systemroot+\system32\stcloader.exe
trans.exe
trojan.win32.secondthought.b.exe
trojan.win32.secondthought.c.exe
wupdsnff.exe

Remove Auto Run References
go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\adstartup, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bokja, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sqinstaller, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\stcloader, delete it and reboot the machine immediately.

Unregister these DLLs with Regsvr32, then reboot:
c:\spedia\spextdll.dll
csie.dll
csieinst.dll
programfilesdir+\clearsearch\a_clearsearch.dll
programfilesdir+\clearsearch\csaolinst.dll
programfilesdir+\clearsearch\csbiinst.dll
swrt01.dll
systemroot+\system\idleui.dll
systemroot+\system32\2ndsrch.dll
systemroot+\system32\cdsm32.dll
systemroot+\system32\idleui.dll
systemroot+\system32\swin32.dll
systemroot+\voiceip.dll

remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\clsid\{00000250-0320-4dd4-be4f-7566d2314352}
HKEY_CLASSES_ROOT\clsid\{13197ace-6851-45c3-a7ff-c281324d5489}
HKEY_CLASSES_ROOT\clsid\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}
HKEY_CLASSES_ROOT\clsid\{965a592f-8efa-4250-8630-7960230792f1}
HKEY_CLASSES_ROOT\csie.csiecore
HKEY_CLASSES_ROOT\csie.csiecore.1
HKEY_CLASSES_ROOT\csie.csiecore\clsid
HKEY_CLASSES_ROOT\csie.csiecore\curver
HKEY_CLASSES_ROOT\interface\{0f2a4adc-dabf-4980-8db4-19f67d7b1f95}
HKEY_CLASSES_ROOT\interface\{96b3b1b9-a510-4603-bd66-2bb2c9f21542}
HKEY_CLASSES_ROOT\typelib\{60494593-5408-447d-bd5e-a16640d6af99}
HKEY_CLASSES_ROOT\typelib\{69db5061-ff0a-418b-ada6-68ac77d69e44}
HKEY_CLASSES_ROOT\urllauncher.urllaunchercontrol
HKEY_CLASSES_ROOT\urllauncher.urllaunchercontrol.1
HKEY_CLASSES_ROOT\urllauncher.urllaunchercontrol\clsid
HKEY_CLASSES_ROOT\urlsearch.urlsearch.1
HKEY_CLASSES_ROOT\urlsearch.urlsearch\clsid
HKEY_CLASSES_ROOT\urlsearch.urlsearch\curver
HKEY_CLASSES_ROOT\voiceipdll.voiceipdllobj.1
HKEY_CURRENT_USER\software\stc
HKEY_LOCAL_MACHINE\software\bokja\1
HKEY_LOCAL_MACHINE\software\bokja\qoke
HKEY_LOCAL_MACHINE\software\bokja\vmos
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000250-0320-4dd4-be4f-7566d2314352}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\adstartup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bokja
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sqinstaller
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\stcloader
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\contextsidebar\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\contextsidebar\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mirrorunder\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mirrorunder\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ronsidebar\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ronsidebar\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spidersidebar\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spidersidebar\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\urlsidebar\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\urlsidebar\uninstallstring
HKEY_LOCAL_MACHINE\software\slmss\1
HKEY_LOCAL_MACHINE\software\slmss\27
HKEY_LOCAL_MACHINE\software\slmss\element
HKEY_LOCAL_MACHINE\software\slmss\receipt
HKEY_LOCAL_MACHINE\software\y036\update

remove these files (if present) with Windows Explorer:
2nd thought.txt
adupdmanager.xml
bhp.exe
c:\spedia\htm\sp7.htm
c:\spedia\htm\sp8.htm
c:\spedia\spedia.exe
c:\spedia\spedia.fon
c:\spedia\spextdll.dll
c:\spedia\spmdat.bin
commonprograms+\addestroyer\addestroyer.lnk
csie.dll
csie_checks.dat
csie_ron_campaigns.dat
csie_ron_rules.dat
csie_ss_rules.dat
csie_tsb_campaigns.dat
csie_tsb_edomains.dat
csie_tsb_patterns.dat
csie_tsb_rules.dat
csie_usb_campaigns.dat
csie_usb_patterns.dat
csie_usb_rules.dat
csieinst.dll
desktopdir+\second thought.lnk
desktopdir+\spediabar.lnk
f3bd79dd80edcf0497b3bd7081eb34a4.exe
inneradinstall.log
mypcsearch.lnk
profilepath+\administrator\start menu\programs\spediabar.lnk
profilepath+\local settings\temp\temporary internet files\content.ie5\ghijklmn\install033[2].exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\loader[1].exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\stc[1].exe
profilepath+\locals~1\temp\randreco.exe
profilepath+\locals~1\temp\temporary internet files\content.ie5\ghijklmn\install033[2].exe
programfilesdir+\addestroyer\addestroyer.exe
programfilesdir+\clearsearch\a_clearsearch.dll
programfilesdir+\clearsearch\csaolinst.dll
programfilesdir+\clearsearch\csaolldr.exe
programfilesdir+\clearsearch\csbiinst.dll
programfilesdir+\common files\slmss\slmss.exe
programfilesdir+\stc\bdl14108.exe
programfilesdir+\stc\bookedspace.exe
programfilesdir+\stc\bundleouter2601031121.exe
programfilesdir+\stc\csv5p070.exe
programfilesdir+\stc\fpn16100.exe
programfilesdir+\stc\qoologic.exe
programfilesdir+\stc\s_win32.exe
programfilesdir+\stc\slmss.exe
programfilesdir+\stc\sq_3394_3222.exesqinstaller.exe
programfilesdir+\stc\stc.exe
programfilesdir+\stc\tvmedia.exe
programfilesdir+\vbouncer\addestroyerinner.exe
retpdat32.xml
sp32.xml
swrt01.dll
systemroot+\bokja.exe
systemroot+\mwsvm.ocx
systemroot+\stcloader.exe
systemroot+\system\idleui.dll
systemroot+\system\stcloader.exe
systemroot+\system32\2ndsrch.dll
systemroot+\system32\automove.exe
systemroot+\system32\cdsm32.dll
systemroot+\system32\idleui.dll
systemroot+\system32\stcloader.exe
systemroot+\system32\swin32.dll
systemroot+\voiceip.dll
trans.exe
trojan.win32.secondthought.b.exe
trojan.win32.secondthought.c.exe
wupdsnff.exe

remove these directories (if present) with Windows Explorer:

commonprograms+\addestroyer
favorites+\ cool stuff
programfilesdir+\addestroyer
programfilesdir+\clearsearch
programfilesdir+\common files\slmss
programfilesdir+\second thought
programfilesdir+\stc

For Key Snatch:

Kill these running processes with Task Manager:
programfilesdir+\keysnatch\keysnatch.exe

remove these registry items (if present) with RegEdit:

HKEY_LOCAL_MACHINE\software\classes\aboxctl.abox
HKEY_LOCAL_MACHINE\software\classes\clsid\{634e2191-2142-4c32-8a9a-d92032ca5f51}
HKEY_LOCAL_MACHINE\software\classes\clsid\{680c2b92-6fbf-446e-8b32-3bba73f1004d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7a834f35-3908-4fda-bdac-28eab89a0fb3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9e563445-b3b2-4a4c-850f-32073a5df93e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b50ee6c3-c280-47f5-b73f-d624a2980e5d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d4f6d70a-eca7-4d42-aaec-dad4e26889e1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e2a1da8f-fb3e-4e4a-8df6-bc54af4f2b7b}
HKEY_LOCAL_MACHINE\software\classes\interface\{083e2157-26b7-4a35-92df-11d886ed88ce}
HKEY_LOCAL_MACHINE\software\classes\interface\{1a23c59a-8c62-4860-a2fe-fc3940e8158c}
HKEY_LOCAL_MACHINE\software\classes\interface\{330849e8-b164-474c-9f09-0fe635d36c3c}
HKEY_LOCAL_MACHINE\software\classes\interface\{3923042b-2c35-4910-8711-4e0712b8e7c0}
HKEY_LOCAL_MACHINE\software\classes\interface\{48372215-470c-4108-b9b3-6de0ea8a6210}
HKEY_LOCAL_MACHINE\software\classes\interface\{77190304-5e62-46b2-a556-599361fb7155}
HKEY_LOCAL_MACHINE\software\classes\interface\{8c3d4aa1-2599-11d2-baf1-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{8c3d4aa3-2599-11d2-baf1-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{8c3d4aa5-2599-11d2-baf1-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{8c3d4aa6-2599-11d2-baf1-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{a368e682-63c3-4a6b-90df-d36f1f94b68f}
HKEY_LOCAL_MACHINE\software\classes\interface\{b538d830-1f02-4c5e-a881-a442e48e6310}
HKEY_LOCAL_MACHINE\software\classes\interface\{df329552-2e33-45dd-b529-f1a79c5c14d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{fdf66bea-fec0-4fe5-b6f3-db416f6f7cb9}
HKEY_LOCAL_MACHINE\software\classes\typelib\{03f7cb5f-9e40-4b74-a3ed-7dbeaab01c6c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keysnatch\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keysnatch\uninstallstring

remove these files (if present) with Windows Explorer:
install.log
keyboard guardian.lnk
keysnatch.txt
programfilesdir+\keysnatch\abox.ocx
programfilesdir+\keysnatch\ccrpftv6.ocx
programfilesdir+\keysnatch\keysnatch.exe
programfilesdir+\keysnatch\sssplt30.ocx
readme - pdf.lnk
readme - text.lnk
readme - word document.lnk

remove these directories (if present) with Windows Explorer:
programfilesdir+\keysnatch

The BonziBuddy:

Kill these running processes with Task Manager:
bbsetupad1.exe
bbsetuphom.exe
programfilesdir+\bonzi.com web compass\wcinst.exe
programfilesdir+\bonzibuddy\bbsmartsetup.exe
programfilesdir+\bonzibuddy\bbsmartstubfal.exe
programfilesdir+\bonzibuddy\bbuddymini.exe
programfilesdir+\bonzibuddy\bonzibdy.exe
programfilesdir+\bonzibuddy\bonzibuddyuninstall.exe
programfilesdir+\bonzibuddy\msagent.exe
programfilesdir+\bonzibuddy\savenowinst.exe
programfilesdir+\bonzibuddy\spchapi.exe
programfilesdir+\bonzibuddy\tv_enua.exe

Remove Auto run references:

go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bonzi buddy, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bonzibuddy, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion

unregister these DLLs with Regsvr32, then reboot:
programfilesdir+\bonzi.com web compass\wclogic.dll
programfilesdir+\bonzi.com web compass\webcompass.dll
programfilesdir+\bonzibuddy\bonzictb.dll
systemroot+\system\bonzitapfilters.dll
systemroot+\system\webcompass.dll
systemroot+\system32\bonzitapfilters.dll
systemroot+\system32\webcompass.dll
webcompassbar.dll

remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\.bbma
HKEY_CLASSES_ROOT\.bonzimail_message
HKEY_CLASSES_ROOT\bonzibdy.document
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiod
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiods
HKEY_CLASSES_ROOT\bonzibuddy.clsaddressbook
HKEY_CLASSES_ROOT\bonzibuddy.clsbbplayer
HKEY_CLASSES_ROOT\bonzibuddy.clsclickthebutton
HKEY_CLASSES_ROOT\bonzibuddy.clsdownloadmanager
HKEY_CLASSES_ROOT\bonzibuddy.clsstoryreader
HKEY_CLASSES_ROOT\bonzibuddy.cperiod
HKEY_CLASSES_ROOT\bonzibuddy.cperiods
HKEY_CLASSES_ROOT\bonzictbhelper.clsbonzictbhelper
HKEY_CLASSES_ROOT\bonzimail_messagefile
HKEY_CLASSES_ROOT\bonzitapfilters.clsbonzicontent
HKEY_CLASSES_ROOT\bonzitapfilters.clscommanddownloadfile
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandhttppost
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgbox
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonno
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonyes
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandopenweb
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandplay
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandraiseevent
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandsetiehomepage
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandspeak
HKEY_CLASSES_ROOT\bonzitapfilters.clscontent
HKEY_CLASSES_ROOT\bonzitapfilters.clsfiltration
HKEY_CLASSES_ROOT\bonzitapfilters.clstapevent
HKEY_CLASSES_ROOT\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f6a-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f8d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f96-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{22eb59ae-1cb8-4153-9dfc-b5ce048357cf}
HKEY_CLASSES_ROOT\clsid\{3b89ad5a-42a2-4258-9242-d67eb0c80442}
HKEY_CLASSES_ROOT\clsid\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_CLASSES_ROOT\clsid\{53f082c5-72fe-49d5-a34f-c054cad30dd0}
HKEY_CLASSES_ROOT\clsid\{57da7e73-b94f-49a2-9fef-9f4b40c8e221}
HKEY_CLASSES_ROOT\clsid\{5d11b6dc-358a-44b3-b2ac-22b5dcbc936b}
HKEY_CLASSES_ROOT\clsid\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_CLASSES_ROOT\clsid\{7c3845b5-4b34-43ce-99de-3bfad5308e68}
HKEY_CLASSES_ROOT\clsid\{82ca10ae-d2f8-441e-a01d-4dfc46f37612}
HKEY_CLASSES_ROOT\clsid\{837cca31-1813-40ea-80bc-aba9d97cb64b}
HKEY_CLASSES_ROOT\clsid\{856b6cbe-b0c1-4b4d-8586-2d6e9df3e4f2}
HKEY_CLASSES_ROOT\clsid\{962f96f8-624c-4b0e-b055-f2f1d1deff0e}
HKEY_CLASSES_ROOT\clsid\{a031fbf6-81a7-4440-9e20-51abb2289e4b}
HKEY_CLASSES_ROOT\clsid\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_CLASSES_ROOT\clsid\{a7aa73e0-f6f9-4967-b209-aa1b11c47dcf}
HKEY_CLASSES_ROOT\clsid\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_CLASSES_ROOT\clsid\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_CLASSES_ROOT\clsid\{d3cd5f89-bfe3-4bad-ac10-25751a08811c}
HKEY_CLASSES_ROOT\clsid\{e26dd3cd-b06c-47ba-9766-5f264b858e09}
HKEY_CLASSES_ROOT\clsid\{e509d0e0-da02-4d16-ba63-70f23cac74c8}
HKEY_CLASSES_ROOT\clsid\{f2394898-748d-4415-8ce8-65e429445b33}
HKEY_CLASSES_ROOT\clsid\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f6a-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f8d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f96-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f5a31f2f-122f-4615-a9b7-90841538ec7c}
HKEY_CLASSES_ROOT\clsid\{f77a2b0f-476c-4536-beb1-2cb17ca6bcbc}
HKEY_CLASSES_ROOT\clsid\{f91f3264-454b-45be-a402-fe0e56bb9315}
HKEY_CLASSES_ROOT\clsid\{fe56c7a2-aaf1-47f2-9b68-4057d7ff5b4a}
HKEY_CLASSES_ROOT\interface\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_CLASSES_ROOT\interface\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_CLASSES_ROOT\mime\database\content type\application/bonzi-mail-message
HKEY_CLASSES_ROOT\mime\database\content type\application\/bonzi-mail-message
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\shareddlls\d:\windows\system32\bonzitapfilters.dll
HKEY_CLASSES_ROOT\typelib\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_CLASSES_ROOT\typelib\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_CLASSES_ROOT\typelib\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_CURRENT_USER\software\vb and vba program settings\bonzibuddy
HKEY_LOCAL_MACHINE\software\bonzi software
HKEY_LOCAL_MACHINE\software\classes\.bbma\""
HKEY_LOCAL_MACHINE\software\classes\.bbma\content type
HKEY_LOCAL_MACHINE\software\classes\.bonzimail_message\""
HKEY_LOCAL_MACHINE\software\classes\bonzibdy.document\""
HKEY_LOCAL_MACHINE\software\classes\bonzibdy.document\defaulticon\""
HKEY_LOCAL_MACHINE\software\classes\bonzibdy.document\shell\open\command\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.ccalendarvbperiod
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.ccalendarvbperiod\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.ccalendarvbperiod\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.ccalendarvbperiods
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.ccalendarvbperiods\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.ccalendarvbperiods\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsaddressbook
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsaddressbook\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsaddressbook\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsbbplayer
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsbbplayer\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsbbplayer\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsclickthebutton
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsclickthebutton\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsclickthebutton\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsdownloadmanager
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsdownloadmanager\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsdownloadmanager\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsregistration
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsregistration\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsregistration\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsstoryreader
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsstoryreader\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.clsstoryreader\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.cperiod
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.cperiod\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.cperiod\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.cperiods
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.cperiods\""
HKEY_LOCAL_MACHINE\software\classes\bonzibuddy.cperiods\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzictbhelper.clsbonzictbhelper
HKEY_LOCAL_MACHINE\software\classes\bonzictbhelper.clsbonzictbhelper\""
HKEY_LOCAL_MACHINE\software\classes\bonzictbhelper.clsbonzictbhelper\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzimail_messagefile\""
HKEY_LOCAL_MACHINE\software\classes\bonzimail_messagefile\defaulticon\""
HKEY_LOCAL_MACHINE\software\classes\bonzimail_messagefile\shell\open\command\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clsbonzicontent
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clsbonzicontent\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clsbonzicontent\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandclosetoast
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandclosetoast\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandclosetoast\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommanddownloadfile
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommanddownloadfile\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommanddownloadfile\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandhttppost
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandhttppost\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandhttppost\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgbox
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgbox\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgbox\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgboxonno
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgboxonno\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgboxonno\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgboxonyes
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgboxonyes\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandmsgboxonyes\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandopenweb
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandopenweb\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandopenweb\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandplay
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandplay\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandplay\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandraiseevent
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandraiseevent\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandraiseevent\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandsetiehomepage
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandsetiehomepage\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandsetiehomepage\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandshowtoast
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandshowtoast\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandshowtoast\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandspeak
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandspeak\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscommandspeak\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscontent
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscontent\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clscontent\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clsfiltration
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clsfiltration\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clsfiltration\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clssubscription
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clssubscription\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clssubscription\clsid\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clstapevent
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clstapevent\""
HKEY_LOCAL_MACHINE\software\classes\bonzitapfilters.clstapevent\clsid\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{065e6fd8-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{065e6fdc-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{065e6fdf-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{065e6fe3-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{065e6fe6-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{065e6fe9-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{0a45db4f-bd0d-11d2-8d14-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{210787c2-92b0-4776-8e80-14c02174893d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{210787c2-92b0-4776-8e80-14c02174893d}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{22eb59ae-1cb8-4153-9dfc-b5ce048357cf}
HKEY_LOCAL_MACHINE\software\classes\clsid\{22eb59ae-1cb8-4153-9dfc-b5ce048357cf}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{244d13bc-afdb-11ce-85d1-00aa00695286}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{3b89ad5a-42a2-4258-9242-d67eb0c80442}
HKEY_LOCAL_MACHINE\software\classes\clsid\{3b89ad5a-42a2-4258-9242-d67eb0c80442}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{4610e7bf-710f-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{53f082c5-72fe-49d5-a34f-c054cad30dd0}
HKEY_LOCAL_MACHINE\software\classes\clsid\{53f082c5-72fe-49d5-a34f-c054cad30dd0}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{57da7e73-b94f-49a2-9fef-9f4b40c8e221}
HKEY_LOCAL_MACHINE\software\classes\clsid\{57da7e73-b94f-49a2-9fef-9f4b40c8e221}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{5d11b6dc-358a-44b3-b2ac-22b5dcbc936b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5d11b6dc-358a-44b3-b2ac-22b5dcbc936b}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{6b1be804-567f-11d1-b652-0060976c699f}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{71a2702f-c7d8-11d2-bef8-525400dfb47a}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{71a27032-c7d8-11d2-bef8-525400dfb47a}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{71a27034-c7d8-11d2-bef8-525400dfb47a}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{7b6b6079-a483-43f4-9376-1cc374ba3600}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7b6b6079-a483-43f4-9376-1cc374ba3600}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{7c3845b5-4b34-43ce-99de-3bfad5308e68}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7c3845b5-4b34-43ce-99de-3bfad5308e68}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{80de8b24-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{82ca10ae-d2f8-441e-a01d-4dfc46f37612}
HKEY_LOCAL_MACHINE\software\classes\clsid\{82ca10ae-d2f8-441e-a01d-4dfc46f37612}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{837cca31-1813-40ea-80bc-aba9d97cb64b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{837cca31-1813-40ea-80bc-aba9d97cb64b}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{856b6cbe-b0c1-4b4d-8586-2d6e9df3e4f2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{856b6cbe-b0c1-4b4d-8586-2d6e9df3e4f2}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{86e5d750-02eb-11d3-a464-0080c858f182}
HKEY_LOCAL_MACHINE\software\classes\clsid\{86e5d750-02eb-11d3-a464-0080c858f182}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{962f96f8-624c-4b0e-b055-f2f1d1deff0e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{962f96f8-624c-4b0e-b055-f2f1d1deff0e}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{a031fbf6-81a7-4440-9e20-51abb2289e4b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a031fbf6-81a7-4440-9e20-51abb2289e4b}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a7aa73e0-f6f9-4967-b209-aa1b11c47dcf}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a7aa73e0-f6f9-4967-b209-aa1b11c47dcf}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{aaa403c6-03b3-11d3-a465-0080c858f182}
HKEY_LOCAL_MACHINE\software\classes\clsid\{aaa403c6-03b3-11d3-a465-0080c858f182}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{b8f2846e-ce36-11d0-ac83-00c04fd97575}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{ca141fd0-ac7f-11d1-97a3-0060082730ff}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{d3cd5f89-bfe3-4bad-ac10-25751a08811c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d3cd5f89-bfe3-4bad-ac10-25751a08811c}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{d985e1b8-e314-4d36-b095-ebd4c5295f69}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d985e1b8-e314-4d36-b095-ebd4c5295f69}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{e26dd3cd-b06c-47ba-9766-5f264b858e09}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e26dd3cd-b06c-47ba-9766-5f264b858e09}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{e509d0e0-da02-4d16-ba63-70f23cac74c8}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e509d0e0-da02-4d16-ba63-70f23cac74c8}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{e91e27a3-c5ae-11d2-8d1b-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f2394898-748d-4415-8ce8-65e429445b33}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f2394898-748d-4415-8ce8-65e429445b33}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f6a-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f6a-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f8d-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f8d-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f96-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f4900f96-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f5a31f2f-122f-4615-a9b7-90841538ec7c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f5a31f2f-122f-4615-a9b7-90841538ec7c}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f77a2b0f-476c-4536-beb1-2cb17ca6bcbc}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f77a2b0f-476c-4536-beb1-2cb17ca6bcbc}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f8b44545-c2e0-46c3-b78b-11e821c9d2e1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f8b44545-c2e0-46c3-b78b-11e821c9d2e1}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{f91f3264-454b-45be-a402-fe0e56bb9315}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f91f3264-454b-45be-a402-fe0e56bb9315}\""
HKEY_LOCAL_MACHINE\software\classes\clsid\{fe56c7a2-aaf1-47f2-9b68-4057d7ff5b4a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fe56c7a2-aaf1-47f2-9b68-4057d7ff5b4a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{0570bf7b-e1bf-4ef3-bc37-7ae3f54bd605}
HKEY_LOCAL_MACHINE\software\classes\interface\{0570bf7b-e1bf-4ef3-bc37-7ae3f54bd605}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd2-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd3-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd4-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd5-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd5-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd6-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd6-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd7-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd7-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd9-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fd9-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fdb-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fdb-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fdd-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fdd-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fde-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fde-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe0-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe0-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe1-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe1-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe2-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe4-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe4-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe5-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe5-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe7-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe7-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe8-1bf9-11d2-bae8-00104b9e0792}
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fe8-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{065e6fea-1bf9-11d2-bae8-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db49-bd0d-11d2-8d14-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db4b-bd0d-11d2-8d14-00104b9e072a}
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db4b-bd0d-11d2-8d14-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db4d-bd0d-11d2-8d14-00104b9e072a}
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db4d-bd0d-11d2-8d14-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db4e-bd0d-11d2-8d14-00104b9e072a}
HKEY_LOCAL_MACHINE\software\classes\interface\{0a45db4e-bd0d-11d2-8d14-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{120c5484-09ba-4936-98b9-1b0c15c9ce5e}
HKEY_LOCAL_MACHINE\software\classes\interface\{120c5484-09ba-4936-98b9-1b0c15c9ce5e}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{159c2806-4a71-45b4-8d4e-74c181cd6842}
HKEY_LOCAL_MACHINE\software\classes\interface\{159c2806-4a71-45b4-8d4e-74c181cd6842}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{17b3c2cb-6697-4736-bee7-69f363f1f35e}
HKEY_LOCAL_MACHINE\software\classes\interface\{17b3c2cb-6697-4736-bee7-69f363f1f35e}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{22df5084-12bc-4c98-8044-4fad06f4119a}
HKEY_LOCAL_MACHINE\software\classes\interface\{22df5084-12bc-4c98-8044-4fad06f4119a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{244d13bb-afdb-11ce-85d1-00aa00695286}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{28e4193c-f276-4568-bcdc-dd15d88fadcc}
HKEY_LOCAL_MACHINE\software\classes\interface\{28e4193c-f276-4568-bcdc-dd15d88fadcc}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{3d08842d-983e-4226-8d6e-612965eb32d9}
HKEY_LOCAL_MACHINE\software\classes\interface\{3d08842d-983e-4226-8d6e-612965eb32d9}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{44279f35-8ed3-4234-9d61-069ae93efbec}
HKEY_LOCAL_MACHINE\software\classes\interface\{44279f35-8ed3-4234-9d61-069ae93efbec}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{4610e7be-710f-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{4bb35a55-a91a-11cf-ba7c-00a0d1001a5a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{4bbfaacc-619c-4a9d-a32c-a8b3453ce783}
HKEY_LOCAL_MACHINE\software\classes\interface\{4bbfaacc-619c-4a9d-a32c-a8b3453ce783}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{565029f7-d84e-4edc-bf87-a204645da3ea}
HKEY_LOCAL_MACHINE\software\classes\interface\{565029f7-d84e-4edc-bf87-a204645da3ea}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{62fcac31-2581-11d2-baf1-00104b9e0792}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{6549f504-c43a-43f3-b8cd-d077af0427c8}
HKEY_LOCAL_MACHINE\software\classes\interface\{6549f504-c43a-43f3-b8cd-d077af0427c8}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_LOCAL_MACHINE\software\classes\interface\{6a96c266-f125-4d60-8be0-c247349a7ce4}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{6b1be803-567f-11d1-b652-0060976c699f}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{6b1be807-567f-11d1-b652-0060976c699f}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{6b976287-3692-11d0-9b8a-0000c0f04c96}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{6dc6a7a5-0862-406e-8fd9-e4d5adb93aed}
HKEY_LOCAL_MACHINE\software\classes\interface\{6dc6a7a5-0862-406e-8fd9-e4d5adb93aed}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{71a2702e-c7d8-11d2-bef8-525400dfb47a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{71a27033-c7d8-11d2-bef8-525400dfb47a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{7679e16d-9af0-439d-be07-7bff15459c59}
HKEY_LOCAL_MACHINE\software\classes\interface\{7679e16d-9af0-439d-be07-7bff15459c59}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b1b-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b1c-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b1d-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b1e-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b1f-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b20-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b21-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{80de8b23-710a-11d3-813d-00c04f6b92d0}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{86e5d74f-02eb-11d3-a464-0080c858f182}
HKEY_LOCAL_MACHINE\software\classes\interface\{86e5d74f-02eb-11d3-a464-0080c858f182}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{86e5d751-02eb-11d3-a464-0080c858f182}
HKEY_LOCAL_MACHINE\software\classes\interface\{86e5d751-02eb-11d3-a464-0080c858f182}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{89e800de-5c96-4802-8da6-2cf50c9d19af}
HKEY_LOCAL_MACHINE\software\classes\interface\{89e800de-5c96-4802-8da6-2cf50c9d19af}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{8cfc92fa-7057-4a98-a3be-9c34d3d255fd}
HKEY_LOCAL_MACHINE\software\classes\interface\{8cfc92fa-7057-4a98-a3be-9c34d3d255fd}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{8db2224e-d2fa-4b2e-8402-085ea7cc826b}
HKEY_LOCAL_MACHINE\software\classes\interface\{8db2224e-d2fa-4b2e-8402-085ea7cc826b}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{8e71a3f9-cecf-4dc4-accf-3dd01c843a45}
HKEY_LOCAL_MACHINE\software\classes\interface\{8e71a3f9-cecf-4dc4-accf-3dd01c843a45}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{916694a8-8ad6-11d2-b6fd-0060976c699f}
HKEY_LOCAL_MACHINE\software\classes\interface\{916694a8-8ad6-11d2-b6fd-0060976c699f}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{916694a9-8ad6-11d2-b6fd-0060976c699f}
HKEY_LOCAL_MACHINE\software\classes\interface\{916694a9-8ad6-11d2-b6fd-0060976c699f}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{993d6cac-49a8-40d9-bd97-405281136e78}
HKEY_LOCAL_MACHINE\software\classes\interface\{993d6cac-49a8-40d9-bd97-405281136e78}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{9fbcd665-010a-4c21-be40-9de2bdf34e50}
HKEY_LOCAL_MACHINE\software\classes\interface\{9fbcd665-010a-4c21-be40-9de2bdf34e50}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{a4e0988e-24be-4570-b4d8-982f1386e0c6}
HKEY_LOCAL_MACHINE\software\classes\interface\{a4e0988e-24be-4570-b4d8-982f1386e0c6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{a56be8e7-6b37-43dd-88f4-6d42e57ca1d7}
HKEY_LOCAL_MACHINE\software\classes\interface\{a56be8e7-6b37-43dd-88f4-6d42e57ca1d7}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{b2676d5b-8d53-4569-af2c-a55a0d90c132}
HKEY_LOCAL_MACHINE\software\classes\interface\{b2676d5b-8d53-4569-af2c-a55a0d90c132}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{bd6f0855-7792-4131-a06f-aa2a991e0549}
HKEY_LOCAL_MACHINE\software\classes\interface\{bd6f0855-7792-4131-a06f-aa2a991e0549}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_LOCAL_MACHINE\software\classes\interface\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{cda1ca02-8b5d-11d0-9bc0-0000c0f04c96}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{cda1ca04-8b5d-11d0-9bc0-0000c0f04c96}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{d7ba20a4-7049-416f-a7e4-97530442d62f}
HKEY_LOCAL_MACHINE\software\classes\interface\{d7ba20a4-7049-416f-a7e4-97530442d62f}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{dacb7a39-cc0d-4b85-908b-10d2451761a5}
HKEY_LOCAL_MACHINE\software\classes\interface\{dacb7a39-cc0d-4b85-908b-10d2451761a5}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{decc98e1-ec4e-11d2-93e5-00104b9e078a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{e91e27a1-c5ae-11d2-8d1b-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{e91e27a2-c5ae-11d2-8d1b-00104b9e072a}
HKEY_LOCAL_MACHINE\software\classes\interface\{e91e27a2-c5ae-11d2-8d1b-00104b9e072a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{eb61db30-b032-11d0-a853-0000c02ac6db}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f2a97fa2-714d-11cf-ba24-00a0d1001a5a}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4043742-ac8d-4f86-88e9-f3fd3369dd8c}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4043742-ac8d-4f86-88e9-f3fd3369dd8c}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f66-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f66-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f68-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f68-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f69-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f69-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f6b-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f6b-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f8c-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f8c-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f95-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\classes\interface\{f4900f95-055f-11d4-8f9b-00104ba312d6}\""
HKEY_LOCAL_MACHINE\software\classes\interface\{fdf3d1e0-2da2-4238-af4f-026670289749}
HKEY_LOCAL_MACHINE\software\classes\interface\{fdf3d1e0-2da2-4238-af4f-026670289749}\""
HKEY_LOCAL_MACHINE\software\classes\mime\database\content type\application/bonzi-mail-message\extension
HKEY_LOCAL_MACHINE\software\classes\racreg.regclass\""
HKEY_LOCAL_MACHINE\software\classes\racreg.regclass\clsid\""
HKEY_LOCAL_MACHINE\software\classes\registrycontrol.regicon\""
HKEY_LOCAL_MACHINE\software\classes\registrycontrol.regicon\clsid\""
HKEY_LOCAL_MACHINE\software\classes\ssubtimer6.ctimer\clsid\""
HKEY_LOCAL_MACHINE\software\classes\ssubtimer6.gsubclass\""
HKEY_LOCAL_MACHINE\software\classes\ssubtimer6.gsubclass\clsid\""
HKEY_LOCAL_MACHINE\software\classes\ssubtimer6.isubclass\""
HKEY_LOCAL_MACHINE\software\classes\threed.sscommand.3\""
HKEY_LOCAL_MACHINE\software\classes\threed.sscommand.3\clsid\""
HKEY_LOCAL_MACHINE\software\classes\threed.sscommand\curver\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssframe.3\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssframe.3\clsid\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssframe\curver\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssoption.3\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssoption.3\clsid\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssoption\curver\""
HKEY_LOCAL_MACHINE\software\classes\threed.sspanel.3\""
HKEY_LOCAL_MACHINE\software\classes\threed.sspanel\curver\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssribbon.3\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssribbon.3\clsid\""
HKEY_LOCAL_MACHINE\software\classes\threed.ssribbon\curver\""
HKEY_LOCAL_MACHINE\software\classes\typelib\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_LOCAL_MACHINE\software\classes\typelib\{86e5d740-02eb-11d3-a464-0080c858f182}
HKEY_LOCAL_MACHINE\software\classes\typelib\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_LOCAL_MACHINE\software\classes\typelib\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_LOCAL_MACHINE\software\l&h\truvoice\6.00\enu\help\helppath
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bonzi buddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bonzibuddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\clickthebutton
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\bonzibuddy\bbuddymini.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.8.6\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\3.6.15\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\windows\msagent\chars\short.acs
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\windows\system\iehelpermiddleman.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\windows\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\winnt\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\d:\program files\bonzibuddy\bbuddymini.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\d:\program files\limewire\3.6.6\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\d:\winnt\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tv_enua\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tv_enua\requiresiesysfile
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\tv_enua\uninstallstring
HKEY_LOCAL_MACHINE\software\voice\texttospeech\engine\truvoiceamenglish
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object\eventmessagefile
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object\typessupported

remove these files (if present) with Windows Explorer:

agentsvr.exe-002e45ab.pf
agentsvr.exe-2e0b3a35.pf
bbsetupad1.exe
bbsetuphom.exe
bbsetuphom.exe-29ffd054.pf
bbsmar~2.exe-07e9ade6.pf
bbuddy~1.exe-13d276bc.pf
bonzi.acs
bonzibdy.exe-2603b754.pf
bonzibuddy.txt
commonprograms+\bonzibuddy.lnk
commonprograms+\bonzibuddy\bonzibuddy.lnk
commonprograms+\bonzibuddy\uninstall bonzibuddy.lnk
desktopdir+\bonzibuddy.lnk
desktopdir+\download bonzibuddy now - free!.lnk
desktopdir+\finish installing....lnk
glb2.tmp-0890585f.pf
glba.tmp-259e75b5.pf
gljc.tmp-3189723e.pf
grpconv.exe-111cd845.pf
install.log
msagent.exe-2fa66abe.pf
profilepath+\administrator\start menu\programs\bonzibuddy\bonzibuddy.lnk
programfilesdir+\audiogalaxy satellite\bbshortcut.ico
programfilesdir+\bonzi.com web compass\wcinst.exe
programfilesdir+\bonzi.com web compass\wclogic.dll
programfilesdir+\bonzi.com web compass\webcompass.dll
programfilesdir+\bonzibuddy\bbsmartsetup.exe
programfilesdir+\bonzibuddy\bbsmartstubfal.exe
programfilesdir+\bonzibuddy\bbuddymini.exe
programfilesdir+\bonzibuddy\bonzibdy.exe
programfilesdir+\bonzibuddy\bonzibuddyuninstall.exe
programfilesdir+\bonzibuddy\bonzictb.dll
programfilesdir+\bonzibuddy\msagent.exe
programfilesdir+\bonzibuddy\savenowinst.exe
programfilesdir+\bonzibuddy\spchapi.exe
programfilesdir+\bonzibuddy\tv_enua.exe
programfilesdir+\limewire\2.4.1\bonzi.url
restart.exe-0fff213d.pf
spchapi.exe-28f57ba4.pf
speed up my computer.url
startupfolder+\bonzibuddy.l
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:35 PM

Posted 21 December 2004 - 05:34 PM

No i mean, what does pest patrol say when you scan your computer with it. Or does it say all that?

#14 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 22 December 2004 - 11:39 AM

it says how many pests detected. then it lists what pests it detected and what they are (key logger,spyware, ect.). then next to each "pest" it gives the "+" that you click and it gives what individual files were detected.

then after it shows the list of files you can click on it and it gives the origion of the "pest" and other information and options.

The individual files are what is listed above with the options that you can take if possible. stop the running process, Delete the registery, etc.
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#15 Bulldog

Bulldog
  • Topic Starter

  • Members
  • 394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:10:35 PM

Posted 22 December 2004 - 12:03 PM

Here is my latest HJT Log if its fine, Im fine....but i did try to launch a radio player just now and it would't launch?


Logfile of HijackThis v1.99.0
Scan saved at 11:00:39 AM, on 12/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\system32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kciconstruction.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.my-etrust.com/includes/pscanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp...23/cpbrkpie.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://65.40.185.126//WebDvr3.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = KCIConstruction.com
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dcfssvc - Eastman Kodak Company - C:\WINNT\system32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you for your time.
bulldogsmall6ma.jpg


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users