Show Posts

1

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 28, 2005, 12:33:42 AM »

Alright, I'll make sure I keep those programs updated and I'll take more precautions to make sure I don't have any more serious infections. I have to thank you one final time for all of the time you took to help me solve this problem.

2

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 27, 2005, 11:05:36 PM »

^^^Sorry, I forgot to log in.

3

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 27, 2005, 08:50:26 PM »

The FixAprop.exe found a few files that were infected and got rid of them. Thanks again for all the time you've taken to help me so far. Here's my new HighjackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:42:51 PM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

------------------------------------------------------------------------------

Here's the dpf.bat log:

Volume in drive C has no label.
Volume Serial Number is B873-61B6

Directory of C:\WINDOWS\Downloaded Program Files

03/27/2005 01:39 AM <DIR> BUILTIN\Administrators .
03/27/2005 01:39 AM <DIR> BUILTIN\Administrators ..
02/23/2005 03:13 PM 199,168 JON\furious_d abasa5jrp_.exe
02/08/2005 10:52 AM 110,592 JON\furious_d asinst.dll
02/08/2005 10:54 AM 525 JON\furious_d asinst.inf
02/23/2005 07:01 PM 31,984 JON\furious_d aun_0010.exe
03/17/2005 07:10 PM <DIR> JON\furious_d CONFLICT.1
03/06/2005 10:19 PM <DIR> JON\furious_d CONFLICT.2
09/03/2002 08:57 AM 65 BUILTIN\Administrators DESKTOP.INI
10/14/1997 06:52 PM 697 BUILTIN\Administrators DirectAnimation Java Classes.osd
07/25/2002 05:13 PM 24,576 BUILTIN\Administrators dwusplay.dll
07/25/2002 05:13 PM 196,608 BUILTIN\Administrators dwusplay.exe
03/28/2002 04:05 PM 1,268 JON\furious_d erma.inf
09/09/2004 03:17 PM 65,272 JON\furious_d GDIChk.dll
09/09/2004 03:18 PM 302 JON\furious_d gdichk.inf
02/10/2005 12:28 PM 33,280 JON\furious_d hochkaod3_.exe
12/18/2003 06:18 PM 87,240 JON\furious_d IEAWSDC.DLL
12/17/2003 02:18 AM 438 JON\furious_d ieawsdc.inf
06/16/2004 05:02 AM 323,584 BUILTIN\Administrators isusweb.dll
08/25/2003 05:12 PM 1,096 JON\furious_d iuctl.inf
02/10/2005 12:30 PM 73,728 JON\furious_d lkir8l2gm_.dll
05/29/2003 02:00 PM 160,864 JON\furious_d messengerstatsclient.dll
01/20/2000 02:25 PM 1,162 BUILTIN\Administrators Microsoft XML Parser for Java.osd
05/29/2003 02:00 PM 84,064 JON\furious_d minesweeper.dll
05/29/2003 02:00 PM 77,408 JON\furious_d msgrchkr.dll
10/10/2004 01:54 PM 551 JON\furious_d OSD149F.OSD
03/13/2003 11:04 AM 45,720 JON\furious_d OUTC.DLL
01/15/2003 03:01 PM 939 JON\furious_d outc.inf
07/11/2004 08:19 PM 6,179,984 JON\furious_d QuickTimeInstallCache.qdat
12/08/2003 01:58 PM 3,759 JON\furious_d swflash.inf
02/25/2005 03:34 PM 56,320 JON\furious_d u6f6uftuc_.exe
04/17/2000 01:04 PM 3,072 JON\furious_d voxacm.inf
06/30/2003 09:41 PM 1,689 JON\furious_d WMV9VCM.inf
11/07/2004 03:29 PM 1,206 JON\furious_d yinst.inf
30 File(s) 7,767,161 bytes
4 Dir(s) 49,542,418,432 bytes free

4

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 26, 2005, 02:48:11 PM »

Here are the results from the online Virus scan:

Incident Status Location

Adware:Adware/PurityScan No disinfected C:\Documents and Settings\furious_d\Application Data\HGVE~1.EXE
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[cigbkend.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[czlbact.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[d6j02g1mg6.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[d8j02i1mg8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dbmv2clt.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dn6u01j9e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dnns0157e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dovenum.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dvnet.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dvprpres.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[dzvacm.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[e8202ifmg82a2.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[e8jm0i11e8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[en0ul1d91.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[fpl2033oe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[fpr2039oe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[gp28l3fu1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[gppsl3771.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[gpr8l39u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[h04mlah11d4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[h22o0cf3ef2.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[h8l2li3o18.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[hr4o05h3e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[hrns0557e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[igengine.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ih6fwapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[irn8l55u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[IWSHLPR.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[j44o0eh3eh4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[JNSH400.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[jt8u07l9e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[JTDW400.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[jtlu0739e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[k226lcfs1f26.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[k6nolg5316.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[KHDGR.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[knymgr.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[kt4sl7h71.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ktj0l71m1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ktn0l75m1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[KYDIT.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[KYDLV.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[l0j80a1ued.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[Lekodak.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[lvn2095oe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[lz6u09j9e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[m2nq0c55ef.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MBCAT32.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MCRATELC.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MGRMSG.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MJCBASE.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MRPATCHA.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[MUCMS.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[mv2ml9f11.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[mvj2l91o1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[n66qlgj516o.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[o0pq0a75ed.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[o2480chuef480.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[okbcji32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[omexl32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[q4rq0e95eh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[r6r6lg9s16.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[r8p80i7ue8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[rzhx32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[s6880glue6q80.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[szhedsvc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[t8r80i9ue8.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[UGRCOINA.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[ukimdmat.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[VHA64K.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[wkhip6.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\furious_d\Desktop\l2mfix\backup.zip[wladmod.dll]
Adware:Adware/EliteBar No disinfected C:\tb.exe
Adware:Adware/EliteBar No disinfected C:\upgradetb093.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab[u6f6uftuc_.ini]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab[hochkaod3_.ini]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.cab[setup4002b.ini]
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.ini
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteToolBar\EliteToolBar.dll
Adware:Adware/Ucmore No disinfected C:\WINDOWS\IEMenuExtension.exe
Adware:Adware/BTGrab No disinfected C:\WINDOWS\INF\btgrab.inf
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\ffisearch.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/Envolo No disinfected C:\WINDOWS\QBAux.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\sideb.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\508hept.exe_
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\951libnt.exe
Adware:Adware/BroadcastPC No disinfected C:\WINDOWS\SYSTEM32\broadcastpc.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\Cache\BlazeVCM.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Cache\pop.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\Cache\saie1101.exe
Adware:Adware/QoolAid No disinfected C:\WINDOWS\SYSTEM32\Cache\VCM QOOL_3.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM32\doolsav.dat
Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM32\elitedoolsav.dat
Adware:Adware/Startpage.CM No disinfected C:\WINDOWS\SYSTEM32\elitetpr32.exe
Adware:Adware/Startpage.CM No disinfected C:\WINDOWS\SYSTEM32\eliteuzf32.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\mssysapps\peopleonpage.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\mssysapps\vertone.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\SWRT01.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\SYSTEM32\TVM_B5_Bundle_14.EXE
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM32\vertone.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\Temp\AutoUpdate0\setup.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.cab[farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI65B.tmp\farmmext.ini
Adware:Adware/BTGrab No disinfected C:\WINDOWS\Temp\THI7B08.tmp\btgrab.inf

5

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 26, 2005, 02:44:38 PM »

Thank you so much for your help so far! I ran the FXGaobot program and Hoster. Here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:39:19 PM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

I had a Virus scan done at Panda's as well, I'll make a separate post for that to make sure it doesn't get cut off.

6

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 26, 2005, 04:34:10 AM »

I deleted the ??chost.exe in my System32 folder. It ended up being disguised as svchost.exe, as you said. I got through the HJT step, but the link for FXGaobot doesn't seem to be working. Is there anywhere else to get it from?

7

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 26, 2005, 03:42:16 AM »

I've already seen a dramatic improvement, but when I boot in safe mode, a lot of the entries that you told me to fix with HighjackThis aren't there and they reappear when I restart into normal mode. Do you know why this happens?

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:29 AM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??chost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

---------------------------------------------------------------------------

And here's the result from the Export.bat file:

Volume in drive C has no label.
Volume Serial Number is B873-61B6

Directory of C:\WINDOWS\System32

08/29/2002 05:00 AM 12,800 svchost.exe
09/08/2004 11:36 AM 372,736 ??chost.exe
2 File(s) 385,536 bytes

Directory of C:\Documents and Settings\furious_d\Desktop

8

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 26, 2005, 01:32:17 AM »

Sorry, I did not notice that. There must be some sort of limit for post length. Anyways, here is the new HighjackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:27 AM, on 3/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??chost.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: gkfdvauchrdfi - Unknown owner - C:\WINDOWS\System32\auchrdfi\gkfdv.exe (file missing)
O23 - Service: jhmcmlykjrgve - Unknown owner - C:\WINDOWS\System32\ykjrgve\jhmcml.exe (file missing)
O23 - Service: krmoasrusxbp - Unknown owner - C:\WINDOWS\System32\srusxbp\krmoa.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: mvcmxhvyrmf - Unknown owner - C:\WINDOWS\System32\yrmf\mvcmxhv.exe (file missing)
O23 - Service: pxedminwnqsedq - Unknown owner - C:\WINDOWS\System32\nqsedq\pxedminw.exe (file missing)
O23 - Service: rxcqcvfyoihssy - Unknown owner - C:\WINDOWS\System32\yoihssy\rxcqcvf.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

9

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 26, 2005, 12:53:41 AM »

Thank you, guestolo -- you are a life saver!

Here are the contents of the log you requested:

L2MFIX find log 1.03
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn8m01l1e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{827D5F66-3E6A-B55D-AE66-8402C24F3315}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}"=""
"{C2F52995-C213-408C-B9EF-7F25EE8C112E}"=""
"{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}"=""
"{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}"=""
"{2F58B2C9-CC51-4E58-8E2A-169D7DA6B497}"=""
"{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}"=""
"{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}"=""
"{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}"=""
"{FDD18C40-4468-4164-B1D0-40BFA655D25A}"=""
"{C8BA357E-7D18-4363-942E-33D16298307E}"=""
"{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}"=""
"{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}"=""
"{04559604-8DD0-42F2-B2C0-647C368B1E5D}"=""
"{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}"=""
"{287E013E-8124-4DA1-BC56-8AD68570EDC2}"=""
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{3D13B78E-B62C-489D-A20C-0175DCB6F12E}"=""
"{11170CCC-1677-4074-9D05-4BD3AAF3883E}"=""
"{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}"=""
"{6863A670-BFE0-4956-B5D0-1538000F6ED2}"=""
"{482210FE-D107-4DB3-A2F9-B956818456A2}"=""
"{068357E5-3008-49D0-81E3-7550D7B588AB}"=""
"{8C7356CB-E9E0-4A42-8869-5D6314400B48}"=""
"{DA031F65-48E8-46F4-A4F1-9139D359366C}"=""
"{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}"=""
"{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}"=""
"{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}"=""
"{A2060E0B-AF18-48C0-B691-596E23BFFCFB}"=""
"{F0957821-C9A2-4E11-AD32-7024B88025D3}"=""
"{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}"=""
"{2F754E2A-C52C-4312-96CA-1729CE4AFA46}"=""
"{DCFFF8CE-9604-45D8-B807-76AC04694A48}"=""
"{069B10A8-1A6C-421D-AC31-534BA6731602}"=""
"{3020E72D-E593-487A-B7F8-28F2215A6A85}"=""
"{44114228-FFF7-4568-A895-75486245A9D9}"=""

********************************************************************************
**
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3865D3E5-DB85-4A0A-8AF2-2D3F093D569E}\InprocServer32]
@="C:\\WINDOWS\\system32\\IPCVID.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C2F52995-C213-408C-B9EF-7F25EE8C112E}\InprocServer32]
@="C:\\WINDOWS\\system32\\jNvacypt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{150EDC43-CEC2-495D-BAD3-F1DDB275B52C}\InprocServer32]
@="C:\\WINDOWS\\system32\\UGRCOINA.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{716C9D84-28DC-4CDF-A5BE-02B9E5F3C150}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJCBASE.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5522FD2F-14B7-4E21-BEAB-08400BF4AD41}\InprocServer32]
@="C:\\WINDOWS\\system32\\JTDW400.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AC7B45C-EADF-4FCB-ACF7-8E3C82C771BF}\InprocServer32]
@="C:\\WINDOWS\\system32\\MRPATCHA.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8997A68B-F9AB-44E6-8A52-3EC25A216B8A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ih6fwapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FDD18C40-4468-4164-B1D0-40BFA655D25A}\InprocServer32]
@="C:\\WINDOWS\\system32\\igengine.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8BA357E-7D18-4363-942E-33D16298307E}\InprocServer32]
@="C:\\WINDOWS\\system32\\jdproxy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FA2EAFA-460D-4B15-8D5F-3FFF6FE7F4B5}\InprocServer32]
@="C:\\WINDOWS\\system32\\czlbact.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0FB12D48-3AAA-4C18-AFA8-5C74F7FEFB08}\InprocServer32]
@="C:\\WINDOWS\\system32\\wkhip6.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04559604-8DD0-42F2-B2C0-647C368B1E5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71F72C47-A7D2-4AB2-A123-C23B2546B2FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\wladmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{287E013E-8124-4DA1-BC56-8AD68570EDC2}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D13B78E-B62C-489D-A20C-0175DCB6F12E}\InprocServer32]
@="C:\\WINDOWS\\system32\\VHA64K.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11170CCC-1677-4074-9D05-4BD3AAF3883E}\InprocServer32]
@="C:\\WINDOWS\\system32\\KYDIT.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{087767ED-0ADD-4BFB-9881-E0AB8C4F16EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6863A670-BFE0-4956-B5D0-1538000F6ED2}\InprocServer32]
@="C:\\WINDOWS\\system32\\cigbkend.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{482210FE-D107-4DB3-A2F9-B956818456A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\MBCAT32.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{068357E5-3008-49D0-81E3-7550D7B588AB}\InprocServer32]
@="C:\\WINDOWS\\system32\\KYDLV.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8C7356CB-E9E0-4A42-8869-5D6314400B48}\InprocServer32]
@="C:\\WINDOWS\\system32\\dovenum.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA031F65-48E8-46F4-A4F1-9139D359366C}\InprocServer32]
@="C:\\WINDOWS\\system32\\ukimdmat.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FA509C6C-5CF6-4F38-8F12-A22FC3A1EAD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\SWLWID.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84CCF67F-2717-4672-A3B8-F7C1CAC1E9EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68D0CE0D-5ACB-4992-BAE0-AC3EDD840401}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2060E0B-AF18-48C0-B691-596E23BFFCFB}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F0957821-C9A2-4E11-AD32-7024B88025D3}\InprocServer32]
@="C:\\WINDOWS\\system32\\SCCPACK.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EF83E70B-DCEA-495F-9305-8FF5284C8F5A}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F754E2A-C52C-4312-96CA-1729CE4AFA46}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCFFF8CE-9604-45D8-B807-76AC04694A48}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{069B10A8-1A6C-421D-AC31-534BA6731602}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmxml3a.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3020E72D-E593-487A-B7F8-28F2215A6A85}\InprocServer32]
@="C:\\WINDOWS\\system32\\irctl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44114228-FFF7-4568-A895-75486245A9D9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wehtcpip.dll"
"ThreadingModel"="Apartment"

********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aunbho.dll Wed Feb 23 2005 5:30:08p A.... 43,496 42.48 K
aunps.dll Wed Feb 23 2005 5:30:08p A.... 25,600 25.00 K
d6j02g~1.dll Sun Mar 6 2005 1:51:46p ..S.R 225,463 220.18 K
d8j02i~1.dll Sat Feb 19 2005 4:49:34p ..S.R 223,920 218.67 K
dbmv2clt.dll Mon Feb 21 2005 7:50:16p ..S.R 223,495 218.25 K
dgvenum.dll Fri Mar 25 2005 10:28:14p ..S.R 235,014 229.50 K
dn6u01~1.dll Mon Mar 7 2005 12:36:04a ..S.R 225,463 220.18 K
dn8m01~1.dll Fri Mar 25 2005 10:22:08p ..S.R 235,014 229.50 K
docore.dll Sat Feb 26 2005 1:24:00p A.... 151,552 148.00 K
dolsp.dll Wed Jan 12 2005 3:13:38p A.... 139,264 136.00 K
dosync.dll Thu Mar 17 2005 9:32:34p A.... 114,688 112.00 K
dsnet.dll Mon Mar 21 2005 8:20:42p ..... 235,014 229.50 K
dvprpres.dll Fri Mar 4 2005 4:36:58p ..S.R 225,463 220.18 K
e8202i~1.dll Mon Feb 28 2005 7:16:52p ..S.R 223,495 218.25 K
e8jm0i~1.dll Thu Mar 17 2005 6:31:16p ..S.R 233,248 227.78 K
en0ul1~1.dll Sat Jan 8 2005 10:28:18a ..S.R 222,899 217.67 K
fpr203~1.dll Fri Jan 21 2005 12:08:30p ..S.R 223,469 218.23 K
fqnnt.dll Fri Feb 18 2005 6:13:48p A.... 99,840 97.50 K
gp28l3~1.dll Sun Jan 2 2005 6:45:50p ..S.R 222,899 217.67 K
gppsl3~1.dll Tue Dec 28 2004 8:50:08p ..S.R 222,899 217.67 K
h8l2li~1.dll Tue Dec 28 2004 11:14:30p ..S.R 222,899 217.67 K
hr4o05~1.dll Sat Jan 1 2005 2:56:30p ..S.R 222,899 217.67 K
hr6005~1.dll Sun Mar 20 2005 2:05:48p ..S.R 235,980 230.45 K
hrns05~1.dll Tue Dec 28 2004 11:19:38p ..S.R 222,899 217.67 K
i2060c~1.dll Sun Mar 13 2005 7:15:14p ..S.R 232,794 227.34 K
ic2_wi~1.dll Thu Feb 10 2005 11:42:16p A.... 135,168 132.00 K
irctl.dll Fri Mar 25 2005 11:37:34p ..... 235,014 229.50 K
jtlu07~1.dll Mon Mar 14 2005 9:23:26p ..S.R 232,736 227.28 K
kddit.dll Fri Mar 25 2005 10:02:54p ..S.R 235,014 229.50 K
kldycc.dll Fri Mar 18 2005 8:34:40p ..S.R 232,794 227.34 K
knymgr.dll Sun Feb 20 2005 12:45:12p ..S.R 223,495 218.25 K
kqdal.dll Fri Mar 25 2005 10:16:04p ..S.R 235,014 229.50 K
kt0ol7~1.dll Fri Mar 25 2005 10:18:04p ..S.R 235,014 229.50 K
ktj0l7~1.dll Sat Dec 25 2004 7:42:54p ..S.R 223,916 218.67 K
ktjul7~1.dll Fri Mar 25 2005 11:33:02p ..S.R 235,014 229.50 K
ktn0l7~1.dll Mon Feb 21 2005 9:10:16p ..... 223,495 218.25 K
lekodak.dll Fri Feb 18 2005 5:55:40p ..S.R 223,495 218.25 K
lv6u09~1.dll Thu Mar 17 2005 7:03:12a ..S.R 232,794 227.34 K
lvn209~1.dll Fri Mar 18 2005 10:26:56p ..S.R 233,248 227.78 K
lz6u09~1.dll Fri Mar 18 2005 9:02:10p ..S.R 233,248 227.78 K
m2nq0c~1.dll Fri Jan 14 2005 5:15:14p ..S.R 222,899 217.67 K
mcratelc.dll Thu Feb 24 2005 5:46:08p ..... 223,495 218.25 K
mgrmsg.dll Mon Dec 27 2004 3:58:16p ..S.R 222,899 217.67 K
mhvideo.dll Fri Mar 25 2005 9:57:20p ..S.R 235,014 229.50 K
n66qlg~1.dll Thu Jan 6 2005 6:25:04p ..S.R 222,899 217.67 K
natcfgx.dll Sat Mar 19 2005 5:28:14p ..S.R 235,014 229.50 K
o0ns0a~1.dll Mon Mar 21 2005 6:26:54p ..S.R 235,014 229.50 K
o0pq0a~1.dll Fri Jan 14 2005 5:59:58p ..S.R 223,469 218.23 K
omexl32.dll Wed Dec 29 2004 12:09:08a ..S.R 222,899 217.67 K
pop5.dll Tue Dec 28 2004 2:25:26p A.... 53,760 52.50 K
q4rq0e~1.dll Sat Mar 5 2005 10:43:48p ..S.R 223,624 218.38 K
r6r6lg~1.dll Thu Feb 17 2005 8:59:58p ..S.R 222,899 217.67 K
rzhx32.dll Mon Mar 14 2005 8:50:26p ..S.R 232,736 227.28 K
s6880g~1.dll Sat Jan 8 2005 12:01:34a ..S.R 222,899 217.67 K
stlb2.dll Fri Mar 25 2005 9:06:36p A.... 229,376 224.00 K
syssfitb.dll Wed Feb 23 2005 5:34:36p A.... 274,432 268.00 K
szhedsvc.dll Tue Mar 8 2005 5:40:44p ..S.R 225,463 220.18 K
wehtcpip.dll Fri Mar 25 2005 10:34:02p ..S.R 235,014 229.50 K

58 items found: 58 files (44 H/S), 0 directories.
Total of file sizes: 12,222,930 bytes 11.66 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
92.tmp Fri Mar 25 2005 2:04:42p A.... 123,904 121.00 K
95.tmp Fri Mar 25 2005 2:04:50p A.... 123,904 121.00 K
98.tmp Fri Mar 25 2005 2:04:50p A.... 123,904 121.00 K
9b.tmp Fri Mar 25 2005 2:04:52p A.... 123,904 121.00 K
guard.tmp Fri Mar 25 2005 11:43:34p ..S.R 235,014 229.50 K

5 items found: 5 files (1 H/S), 0 directories.
Total of file sizes: 730,630 bytes 713.50 K
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is B873-61B6

Directory of C:\WINDOWS\System32

03/25/2005 11:43 PM 235,014 guard.tmp
03/25/2005 11:33 PM 235,014 ktjul7191.dll
03/25/2005 10:34 PM 235,014 wehtcpip.dll
03/25/2005 10:28 PM 235,014 dgvenum.dll
03/25/2005 10:22 PM 235,014 dn8m01l1e.dll
03/25/2005 10:18 PM 235,014 kt0ol7d31.dll
03/25/2005 10:16 PM 235,014 KQDAL.DLL
03/25/2005 10:02 PM 235,014 KDDIT.DLL
03/25/2005 09:57 PM 235,014 MHVIDEO.DLL
03/21/2005 06:26 PM 235,014 o0ns0a57ed.dll
03/20/2005 02:05 PM 235,980 hr6005jme.dll
03/19/2005 05:28 PM 235,014 natcfgx.dll
03/18/2005 10:26 PM 233,248 lvn2095oe.dll
03/18/2005 09:02 PM 233,248 lz6u09j9e.dll
03/18/2005 08:34 PM 232,794 KLDYCC.DLL
03/17/2005 06:31 PM 233,248 e8jm0i11e8.dll
03/17/2005 07:03 AM 232,794 lv6u09j9e.dll
03/14/2005 09:23 PM 232,736 jtlu0739e.dll
03/14/2005 08:50 PM 232,736 rzhx32.dll
03/13/2005 07:15 PM 232,794 i2060cdsef060.dll
03/08/2005 05:40 PM 225,463 szhedsvc.dll
03/07/2005 12:36 AM 225,463 dn6u01j9e.dll
03/06/2005 01:51 PM 225,463 d6j02g1mg6.dll
03/05/2005 10:43 PM 223,624 q4rq0e95eh.dll
03/04/2005 04:36 PM 225,463 dvprpres.dll
02/28/2005 07:16 PM 223,495 e8202ifmg82a2.dll
02/24/2005 05:51 PM <DIR> DLLCACHE
02/21/2005 07:50 PM 223,495 dbmv2clt.dll
02/20/2005 12:45 PM 223,495 knymgr.dll
02/19/2005 04:49 PM 223,920 d8j02i1mg8.dll
02/18/2005 05:55 PM 223,495 Lekodak.dll
02/17/2005 08:59 PM 222,899 r6r6lg9s16.dll
01/21/2005 12:08 PM 223,469 fpr2039oe.dll
01/14/2005 05:59 PM 223,469 o0pq0a75ed.dll
01/14/2005 05:15 PM 222,899 m2nq0c55ef.dll
01/08/2005 10:28 AM 222,899 en0ul1d91.dll
01/08/2005 12:01 AM 222,899 s6880glue6q80.dll
01/06/2005 06:25 PM 222,899 n66qlgj516o.dll
01/02/2005 06:45 PM 222,899 gp28l3fu1.dll
01/01/2005 02:56 PM 222,899 hr4o05h3e.dll
12/29/2004 12:09 AM 222,899 omexl32.dll
12/28/2004 11:19 PM 222,899 hrns0557e.dll
12/28/2004 11:14 PM 222,899 h8l2li3o18.dll
12/28/2004 08:50 PM 222,899 gppsl3771.dll
12/27/2004 03:58 PM 222,899 MGRMSG.DLL
12/25/2004 07:42 PM 223,916 ktj0l71m1.dll
12/24/2004 05:20 PM 222,899 t8r80i9ue8.dll
12/24/2004 12:09 PM 222,899 JNSH400.DLL
12/23/2004 04:28 PM 223,799 h22o0cf3ef2.dll
12/23/2004 01:33 AM 222,899 k226lcfs1f26.dll
12/23/2004 01:23 AM 222,899 dzvacm.dll
12/20/2004 11:34 PM 222,899 jt8u07l9e.dll
12/20/2004 01:15 AM 222,899 k6nolg5316.dll
12/19/2004 02:13 AM 222,899 mv2ml9f11.dll
12/15/2004 09:53 PM 222,899 dnns0157e.dll
12/15/2004 06:57 PM 222,899 j44o0eh3eh4.dll
12/14/2004 10:40 PM 222,899 h04mlah11d4.dll
12/13/2004 09:44 PM 223,626 mvj2l91o1.dll
12/10/2004 09:58 PM 222,899 okbcji32.dll
12/10/2004 04:15 PM 222,899 KHDGR.DLL
12/10/2004 04:02 PM 225,695 IWSHLPR.DLL
12/10/2004 03:37 PM 222,899 dvnet.dll
12/10/2004 12:43 AM 224,236 fpl2033oe.dll
12/10/2004 12:21 AM 225,789 gpr8l39u1.dll
12/09/2004 04:25 PM 225,789 MUCMS.DLL
12/09/2004 04:25 PM 222,629 o2480chuef480.dll
12/09/2004 04:12 PM 222,647 r8p80i7ue8.dll
12/09/2004 03:33 PM 224,979 irn8l55u1.dll
11/20/2004 01:49 AM 56 BF0F98BD67.sys
11/20/2004 01:49 AM 1,682 KGyGaAvL.sys
09/08/2004 11:36 AM 372,736 ??chost.exe
02/25/2003 09:15 AM <DIR> Microsoft
70 File(s) 15,565,100 bytes
2 Dir(s) 48,355,799,040 bytes free

10

Tech Clinic / Need help with spyware (desktop.exe among others)

« on: March 24, 2005, 10:48:01 PM »

I have been having problems over the past few weeks with pop-ups showing up while my DSL is connected, regardless of whether I am browsing the Internet. My computer is overall very slow, which I've been remedying by just clearing the Task Manager of any unfamiliar programs. Finally, the desktop.exe bar started showing up on my desktop every time I started up my computer. I assume that it's due to spyware, but Ad-Aware and Spybot S&D never seem to fix this. Any help you could offer would be greatly appreciated!

Here's my HighjackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:38:19 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\oifvl\jgsgewy.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\arqsmuyn\aajyfc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\WINDOWS\System32\soundcontrl.exe
C:\WINDOWS\aqadcup.exe
C:\WINDOWS\System32\Microsoft.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\secure.exe
C:\WINDOWS\System32\ykjrgve\jhmcml.exe
C:\windows\system32\vdxregvs.exe
C:\WINDOWS\System32\ffisysi6.exe
C:\WINDOWS\System32\pxabgq\armnrp.exe
C:\WINDOWS\System32\mfwjhuwc\pefkv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\kkui\nwgctre.exe
C:\WINDOWS\System32\??chost.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\hyfamjb\vghvqpgu.exe
C:\WINDOWS\System32\piokg\jpmryixe.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\System32\autodrop.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [hcbyfsx] C:\WINDOWS\hcbyfsx.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\FURIOU~1\LOCALS~1\Temp\32cx423.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [vidbbz] c:\windows\system32\vidbbz.exe
O4 - HKLM\..\Run: [8tyx6veo] C:\Program Files\8tyx6veo\8tyx6veo.exe
O4 - HKLM\..\Run: [mzwfgh] C:\WINDOWS\mzwfgh.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AutoLoader3suo1PKfLZXK] "C:\WINDOWS\System32\eqngnt.exe" /HideDir /HideUninstall /PC="CP.BIG" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [3F5U35X] eqngnt.exe
O4 - HKLM\..\Run: [wwyem] C:\WINDOWS\System32\eygpy\wwyem.exe
O4 - HKLM\..\Run: [mlpxb] C:\WINDOWS\System32\edvg\mlpxb.exe
O4 - HKLM\..\Run: [jlhlatk] C:\WINDOWS\System32\gdgvmc\jlhlatk.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [uousam] C:\WINDOWS\System32\amion\uousam.exe
O4 - HKLM\..\Run: [krfbp] C:\WINDOWS\System32\uqvqrys\krfbp.exe
O4 - HKLM\..\Run: [nvif] C:\WINDOWS\System32\nxbhexbu\nvif.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\JD_ONL~1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [hgvqv] C:\WINDOWS\System32\foaw\hgvqv.exe
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\vdxregvs.exe lee0105
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\System32\ffisysi6.exe lee0105
O4 - HKLM\..\Run: [txyisl] C:\WINDOWS\System32\nbls\txyisl.exe
O4 - HKLM\..\Run: [mvcmxhv] C:\WINDOWS\System32\yrmf\mvcmxhv.exe
O4 - HKLM\..\Run: [hsndkgd] C:\WINDOWS\System32\emam\hsndkgd.exe
O4 - HKLM\..\Run: [qxqal] C:\WINDOWS\System32\vefvkdts\qxqal.exe
O4 - HKLM\..\Run: [kpquywbg] C:\WINDOWS\System32\pkrwmxa\kpquywbg.exe
O4 - HKLM\..\Run: [ygld] C:\WINDOWS\System32\ajlbx\ygld.exe
O4 - HKLM\..\Run: [sgwds] C:\WINDOWS\System32\ihiifnuy\sgwds.exe
O4 - HKLM\..\Run: [bvmil] C:\WINDOWS\System32\istr\bvmil.exe
O4 - HKLM\..\Run: [gkfdv] C:\WINDOWS\System32\auchrdfi\gkfdv.exe
O4 - HKLM\..\Run: [onthbc] C:\WINDOWS\System32\hfrkqfcd\onthbc.exe
O4 - HKLM\..\Run: [hmdh] C:\WINDOWS\System32\oyqtqnwh\hmdh.exe
O4 - HKLM\..\Run: [krmoa] C:\WINDOWS\System32\srusxbp\krmoa.exe
O4 - HKLM\..\Run: [ogacxs] C:\WINDOWS\System32\edfsp\ogacxs.exe
O4 - HKLM\..\Run: [mvahkx] C:\WINDOWS\System32\bcem\mvahkx.exe
O4 - HKLM\..\Run: [fawufouy] C:\WINDOWS\System32\gdorcrug\fawufouy.exe
O4 - HKLM\..\Run: [bvklcmq] C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexdh32.exe
O4 - HKLM\..\Run: [pxedminw] C:\WINDOWS\System32\nqsedq\pxedminw.exe
O4 - HKLM\..\Run: [rwbet] C:\WINDOWS\System32\xrtnt\rwbet.exe
O4 - HKLM\..\Run: [oatfrtt] C:\WINDOWS\System32\quwb\oatfrtt.exe
O4 - HKLM\..\Run: [tgsf] C:\WINDOWS\System32\igylk\tgsf.exe
O4 - HKLM\..\Run: [fhix] C:\WINDOWS\System32\axmacsig\fhix.exe
O4 - HKLM\..\Run: [fxlgifl] C:\WINDOWS\System32\sjhkp\fxlgifl.exe
O4 - HKLM\..\Run: [rxcqcvf] C:\WINDOWS\System32\yoihssy\rxcqcvf.exe
O4 - HKLM\..\Run: [qllxy] C:\WINDOWS\System32\oyiqjkg\qllxy.exe
O4 - HKLM\..\Run: [armnrp] C:\WINDOWS\System32\pxabgq\armnrp.exe
O4 - HKLM\..\Run: [cdsu] C:\WINDOWS\System32\peqnna\cdsu.exe
O4 - HKLM\..\Run: [mmkoru] C:\WINDOWS\System32\okyqnid\mmkoru.exe
O4 - HKLM\..\Run: [mwua] C:\WINDOWS\System32\mcaifdr\mwua.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [aajyfc] C:\WINDOWS\System32\arqsmuyn\aajyfc.exe
O4 - HKLM\..\Run: [jgsgewy] C:\WINDOWS\System32\oifvl\jgsgewy.exe
O4 - HKLM\..\Run: [pefkv] C:\WINDOWS\System32\mfwjhuwc\pefkv.exe
O4 - HKLM\..\Run: [hdky] C:\WINDOWS\System32\ydskoo\hdky.exe
O4 - HKLM\..\Run: [fcabn] C:\WINDOWS\System32\gwbfjup\fcabn.exe
O4 - HKLM\..\Run: [jhmcml] C:\WINDOWS\System32\ykjrgve\jhmcml.exe
O4 - HKLM\..\Run: [vghvqpgu] C:\WINDOWS\System32\hyfamjb\vghvqpgu.exe
O4 - HKLM\..\Run: [jpmryixe] C:\WINDOWS\System32\piokg\jpmryixe.exe
O4 - HKLM\..\Run: [nwgctre] C:\WINDOWS\System32\kkui\nwgctre.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [soundtasks] soundtasks.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\furious_d\Application Data\ttuh.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dycku] C:\WINDOWS\System32\mzsuo.exe
O4 - HKCU\..\Run: [Vodojv] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [Iou8RRbtQ] rasfldr.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Startup: DSL Connection.lnk = C:\WINDOWS\SYSTEM32\rasphone.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0693bf3230200b469302/...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0010.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE96FB46-15EF-4AAD-823A-EF3053CBEC06}: NameServer = 65.43.19.26 206.141.192.60
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\mvp2l97o1.dll
O23 - Service: bvklcmqwdmseywf - Unknown owner - C:\WINDOWS\System32\wdmseywf\bvklcmq.exe
O23 - Service: bvmilistr - Unknown owner - C:\WINDOWS\System32\istr\bvmil.exe
O23 - Service: fhixaxmacsig - Unknown owner - C:\WINDOWS\System32\axmacsig\fhix.exe
O23 - Service: gkfdvauchrdfi - Unknown owner - C:\WINDOWS\System32\auchrdfi\gkfdv.exe
O23 - Service: jgsgewyoifvl - Unknown owner - C:\WINDOWS\System32\oifvl\jgsgewy.exe
O23 - Service: jhmcmlykjrgve - Unknown owner - C:\WINDOWS\System32\ykjrgve\jhmcml.exe
O23 - Service: krfbpuqvqrys - Unknown owner - C:\WINDOWS\System32\uqvqrys\krfbp.exe
O23 - Service: krmoasrusxbp - Unknown owner - C:\WINDOWS\System32\srusxbp\krmoa.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: mvahkxbcem - Unknown owner - C:\WINDOWS\System32\bcem\mvahkx.exe
O23 - Service: mvcmxhvyrmf - Unknown owner - C:\WINDOWS\System32\yrmf\mvcmxhv.exe
O23 - Service: nvifnxbhexbu - Unknown owner - C:\WINDOWS\System32\nxbhexbu\nvif.exe
O23 - Service: nwgctrekkui - Unknown owner - C:\WINDOWS\System32\kkui\nwgctre.exe
O23 - Service: oatfrttquwb - Unknown owner - C:\WINDOWS\System32\quwb\oatfrtt.exe
O23 - Service: pxedminwnqsedq - Unknown owner - C:\WINDOWS\System32\nqsedq\pxedminw.exe
O23 - Service: qllxyoyiqjkg - Unknown owner - C:\WINDOWS\System32\oyiqjkg\qllxy.exe
O23 - Service: rxcqcvfyoihssy - Unknown owner - C:\WINDOWS\System32\yoihssy\rxcqcvf.exe
O23 - Service: txyislnbls - Unknown owner - C:\WINDOWS\System32\nbls\txyisl.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

TheTechGuide Forum

News:

Messages - snoogans

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)

Tech Clinic / Need help with spyware (desktop.exe among others)