Options
I think my computer may have a virus...
Here's the log file of items that were quarantined on my computer using Adware. What other precautions should I take?
Thanks in Advance!
ArchiveData(auto-quarantine- 2005-04-18 15-08-07.bckp)
Referencefile : SE1R38 11.04.2005
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent\09638TIR.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Owner\recent\100ALBUM.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Owner\recent\100SMDVC.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\Owner\recent\11.lnk
obj[4]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\search assistant\acmru\5001
obj[5]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[6]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\acs
obj[7]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ASF
obj[8]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ASM
obj[9]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[10]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.chm
obj[11]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.cl5
obj[12]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.cpp
obj[13]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[14]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.htm
obj[15]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.JPG
obj[16]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[17]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mht
obj[18]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[19]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pps
obj[20]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ppt
obj[21]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rtf
obj[22]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[23]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c1
obj[24]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c2
obj[25]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c3
obj[26]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c4
obj[27]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[28]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\player\settings opendir
obj[29]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[30]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[31]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[32]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\excel\recent files
obj[33]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\powerpoint\recent file list
obj[34]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru value
obj[35]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist
obj[36]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\internet explorer\main save directory
obj[37]=MRU FileReference : C:\Documents and Settings\Owner\recent\CE7.lnk
obj[38]=MRU FileReference : C:\Documents and Settings\Owner\recent\CE9.lnk
obj[39]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM.lnk
obj[40]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM_Resume (2).lnk
obj[41]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM_Resume.lnk
obj[42]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM_Resume_School.lnk
obj[43]=MRU FileReference : C:\Documents and Settings\Owner\recent\Concentration_Courses.lnk
obj[44]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cornrows.lnk
obj[45]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 001.lnk
obj[46]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 050.lnk
obj[47]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentSkins1
obj[48]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[49]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 067.lnk
obj[50]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 105.lnk
obj[51]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips1
obj[52]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips2
obj[53]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips3
obj[54]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips4
obj[55]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips5
obj[56]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips6
obj[57]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips7
obj[58]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips8
obj[59]=MRU FileReference : C:\Documents and Settings\Owner\recent\Euclid.lnk
obj[60]=MRU FileReference : C:\Documents and Settings\Owner\recent\fafsa email.lnk
obj[61]=MRU FileReference : C:\Documents and Settings\Owner\recent\february events.lnk
obj[62]=MRU FileReference : C:\Documents and Settings\Owner\recent\File0005.lnk
obj[63]=MRU FileReference : C:\Documents and Settings\Owner\recent\File0009.lnk
obj[64]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\internet explorer download directory
obj[65]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[66]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\microsoft management console\recent file list
obj[67]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\player\settings saveasdir
obj[68]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\common\general symbolmru
obj[69]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences cdrecordpath
obj[70]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\internet explorer\typedurls
obj[71]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41C23512.MSG-1-STAND%20UP%20OR%20SHUT%20UP%202.doc.lnk
obj[72]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41C682D5.MSG-1-YOGAword.doc.lnk
obj[73]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41C90934.MSG-1-MEMO-%20Pollard%20Resignation.doc.lnk
obj[74]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41DA8E75.MSG-2-Monday%20e_board%20meeting.doc.lnk
obj[75]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41DCCC69.MSG-1-INTEREST%20MEETING.doc.lnk
obj[76]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences lastplaylist
obj[77]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP42236EE0.MSG-1-HIV%20Testing%20Today.doc.lnk
obj[78]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\clip organizer\search\last query
obj[79]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences searchpath
obj[80]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[81]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[82]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows media\wmsdk\general computername
obj[83]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bnc.mbhs.edu-media-FTM_11-07-02.doc.lnk
obj[84]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--faculty.washington.edu-qtaylor-Courses-322_AAH-322_Manual.doc.lnk
obj[85]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--www.comp.nus.edu.sg-~noi-tasks-1999-tasks99.doc.lnk
obj[86]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--www.si.umich.edu-Classes-540-Readings-ProgrammingLanguages.doc.lnk
obj[87]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--www.suno.edu-pesmact-hbcu-up2005-Conference.doc.lnk
obj[88]=MRU FileReference : C:\Documents and Settings\Owner\recent\https--www.nsa.gov-applyonline-psft-V1625518726-CLM_Resume_School.doc.lnk
obj[89]=MRU FileReference : C:\Documents and Settings\Owner\recent\HW7_Back.lnk
obj[90]=MRU FileReference : C:\Documents and Settings\Owner\recent\HW7_Front.lnk
obj[91]=MRU FileReference : C:\Documents and Settings\Owner\recent\IAAB.lnk
obj[92]=MRU FileReference : C:\Documents and Settings\Owner\recent\IBM_Site.lnk
obj[93]=MRU FileReference : C:\Documents and Settings\Owner\recent\IBM_Site2.lnk
obj[94]=MRU FileReference : C:\Documents and Settings\Owner\recent\Increment.lnk
obj[95]=MRU FileReference : C:\Documents and Settings\Owner\recent\Internet Explorer.lnk
obj[96]=MRU FileReference : C:\Documents and Settings\Owner\recent\ISP Concentration confirmation form.lnk
obj[97]=MRU FileReference : C:\Documents and Settings\Owner\recent\ISP Internship confirmation form 05.lnk
obj[98]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB3 (2).lnk
obj[99]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB3.lnk
obj[100]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5 (2).lnk
obj[101]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5.lnk
obj[102]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5_2.lnk
obj[103]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5_PAR.lnk
obj[104]=MRU FileReference : C:\Documents and Settings\Owner\recent\Labpg2.lnk
obj[105]=MRU FileReference : C:\Documents and Settings\Owner\recent\manual.lnk
obj[106]=MRU FileReference : C:\Documents and Settings\Owner\recent\ME.lnk
obj[107]=MRU FileReference : C:\Documents and Settings\Owner\recent\Me3.lnk
obj[108]=MRU FileReference : C:\Documents and Settings\Owner\recent\me5.lnk
obj[109]=MRU FileReference : C:\Documents and Settings\Owner\recent\Me@A&T.lnk
obj[110]=MRU FileReference : C:\Documents and Settings\Owner\recent\Media.lnk
obj[111]=MRU FileReference : C:\Documents and Settings\Owner\recent\Missing3578.lnk
obj[112]=MRU FileReference : C:\Documents and Settings\Owner\recent\My Love.lnk
obj[113]=MRU FileReference : C:\Documents and Settings\Owner\recent\My Music.lnk
obj[114]=MRU FileReference : C:\Documents and Settings\Owner\recent\My Pictures.lnk
obj[115]=MRU FileReference : C:\Documents and Settings\Owner\recent\NAA.lnk
obj[116]=MRU FileReference : C:\Documents and Settings\Owner\recent\Nat_Turner.lnk
obj[117]=MRU FileReference : C:\Documents and Settings\Owner\recent\NG_Diversity_Scholarship.lnk
obj[118]=MRU FileReference : C:\Documents and Settings\Owner\recent\NG_Scholarship_App.lnk
obj[119]=MRU FileReference : C:\Documents and Settings\Owner\recent\Northrop_Grumman_Scholarship.lnk
obj[120]=MRU FileReference : C:\Documents and Settings\Owner\recent\Northrop_Grumman_Scholarship.txt.lnk
obj[121]=MRU FileReference : C:\Documents and Settings\Owner\recent\Notes.lnk
obj[122]=MRU FileReference : C:\Documents and Settings\Owner\recent\NSBE_Registration_Confirmation.lnk
obj[123]=MRU FileReference : C:\Documents and Settings\Owner\recent\Personality.lnk
obj[124]=MRU FileReference : C:\Documents and Settings\Owner\recent\phone.lnk
obj[125]=MRU FileReference : C:\Documents and Settings\Owner\recent\Play_Critique.lnk
obj[126]=MRU FileReference : C:\Documents and Settings\Owner\recent\PracticeSD2.lnk
obj[127]=MRU FileReference : C:\Documents and Settings\Owner\recent\PracticeStateDiagram.lnk
obj[128]=MRU FileReference : C:\Documents and Settings\Owner\recent\PrettyinHotPink&Black.lnk
obj[129]=MRU FileReference : C:\Documents and Settings\Owner\recent\PYLAB.lnk
obj[130]=MRU FileReference : C:\Documents and Settings\Owner\recent\RCP (2).lnk
obj[131]=MRU FileReference : C:\Documents and Settings\Owner\recent\RCP (3).lnk
obj[132]=MRU FileReference : C:\Documents and Settings\Owner\recent\RCP.lnk
obj[133]=MRU FileReference : C:\Documents and Settings\Owner\recent\Reese.lnk
obj[134]=MRU FileReference : C:\Documents and Settings\Owner\recent\rita.lnk
obj[135]=MRU FileReference : C:\Documents and Settings\Owner\recent\Schedule.lnk
obj[136]=MRU FileReference : C:\Documents and Settings\Owner\recent\sequence2_jpg (2).lnk
obj[137]=MRU FileReference : C:\Documents and Settings\Owner\recent\sequence2_jpg.lnk
obj[138]=MRU FileReference : C:\Documents and Settings\Owner\recent\SequentialCircuit.lnk
obj[139]=MRU FileReference : C:\Documents and Settings\Owner\recent\SMOV0002.lnk
obj[140]=MRU FileReference : C:\Documents and Settings\Owner\recent\SMOV0003.lnk
obj[141]=MRU FileReference : C:\Documents and Settings\Owner\recent\StateTable.lnk
obj[142]=MRU FileReference : C:\Documents and Settings\Owner\recent\sum.lnk
obj[143]=MRU FileReference : C:\Documents and Settings\Owner\recent\sum.txt on unix.uncg.edu.lnk
obj[144]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 10.lnk
obj[145]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 11.lnk
obj[146]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 13.lnk
obj[147]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 8 (2).lnk
obj[148]=MRU FileReference : C:\Documents and Settings\Owner\recent\T&C.lnk
obj[149]=MRU FileReference : C:\Documents and Settings\Owner\recent\TC_CCPaper.lnk
obj[150]=MRU FileReference : C:\Documents and Settings\Owner\recent\Teresa Stephanie King (Letter)[1].lnk
obj[151]=MRU FileReference : C:\Documents and Settings\Owner\recent\TH.lnk
obj[152]=MRU FileReference : C:\Documents and Settings\Owner\recent\Title.lnk
obj[153]=MRU FileReference : C:\Documents and Settings\Owner\recent\TSK_Personal Statement[1].lnk
obj[154]=MRU FileReference : C:\Documents and Settings\Owner\recent\Tweet.lnk
obj[155]=MRU FileReference : C:\Documents and Settings\Owner\recent\Tweete.lnk
obj[156]=MRU FileReference : C:\Documents and Settings\Owner\recent\uncf.lnk
obj[157]=MRU FileReference : C:\Documents and Settings\Owner\recent\unix.uncg.edu.lnk
obj[158]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unofficial Transcript (2).lnk
obj[159]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unofficial Transcript.lnk
obj[160]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unofficial_Transcript.lnk
obj[161]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (2).lnk
obj[162]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (3).lnk
obj[163]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (4).lnk
obj[164]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (5).lnk
obj[165]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (6).lnk
obj[166]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (7).lnk
obj[167]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank.lnk
obj[168]=MRU FileReference : C:\Documents and Settings\Owner\recent\WOULD YOU LIKE TO TRAVEL.lnk
obj[169]=MRU FileReference : C:\Documents and Settings\Owner\recent\YI90DXL5.lnk
obj[171]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
obj[172]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
PEOPLEONPAGE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[35]=Process : C:\Program Files\AutoUpdate\AutoUpdate.exe
obj[39]=Process : C:\Program Files\CxtPls\ace.dll
obj[165]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\software\apropos
obj[186]=Regkey : software\apropos
obj[187]=Regkey : software\envolo
obj[188]=Regkey : software\microsoft\windows\currentversion\uninstall\autoupdate
obj[189]=RegValue : software\microsoft\windows\currentversion\uninstall\autoupdate "UninstallString"
obj[209]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "AutoUpdater"
obj[214]=Regkey : software\autoloader
obj[215]=Folder : C:\Program Files\AutoUpdate
obj[216]=Folder : C:\DOCUME~1\Owner\LOCALS~1\Temp\AutoUpdate0
obj[217]=Folder : C:\DOCUME~1\Owner\LOCALS~1\Temp\Atf
obj[230]=File : c:\program files\autoupdate\autoupdate.exe
obj[239]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\AutoUpdate0\auto_update_install.exe
obj[245]=File : C:\Program Files\autoupdate\libexpat.dll
obj[246]=File : C:\windows\System32\auto_update_uninstall.exe
obj[247]=File : C:\windows\System32\auto_update_uninstall.log
obj[248]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\autoupdate0\setup.inf
obj[249]=File : C:\Program Files\cxtpls\ace.dll
obj[250]=File : C:\Program Files\cxtpls\AI_17-04-2005.log
obj[251]=File : C:\Program Files\cxtpls\AI_18-04-2005.log
obj[252]=File : C:\Program Files\cxtpls\atl.dll
obj[253]=File : C:\Program Files\cxtpls\CxtPls.dll
obj[254]=File : C:\Program Files\cxtpls\CxtPls.exe
obj[255]=File : C:\Program Files\cxtpls\data.bin
obj[256]=File : C:\Program Files\cxtpls\libexpat.dll
obj[257]=File : C:\Program Files\cxtpls\ProxyStub.dll
obj[258]=File : C:\Program Files\cxtpls\uninstaller.exe
obj[259]=File : C:\Program Files\cxtpls\WinGenerics.dll
VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[36]=Process : C:\windows\system32\zthlximr.exe
obj[190]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000049-8f91-4d9c-9573-f016e7626484}
obj[218]=RegValue : software\microsoft\internet explorer\toolbar\webbrowser "{0E5CBF21-D15F-11D0-8301-00AA005B4383}"
obj[219]=Folder : C:\DOCUME~1\Owner\LOCALS~1\Temp\DrTemp
obj[260]=File : C:\windows\wininit.ini
MEDIAMOTOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[37]=Process : C:\windows\ceres.dll
obj[110]=Regkey : ceresdll.ceresdllobj
obj[111]=RegValue : ceresdll.ceresdllobj ""
obj[112]=Regkey : clsid\{00000049-8f91-4d9c-9573-f016e7626484}
obj[113]=RegValue : clsid\{00000049-8f91-4d9c-9573-f016e7626484} ""
obj[114]=Regkey : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
obj[115]=RegValue : interface\{bb0d5adc-028d-4185-9288-722ddce2c757} ""
obj[116]=Regkey : ceresdll.ceresdllobj.1
obj[117]=RegValue : ceresdll.ceresdllobj.1 ""
obj[118]=Regkey : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
obj[135]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres
obj[136]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4d3OfSInst"
obj[137]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC4n3trMsgSDisp"
obj[138]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4d3OfSDist"
obj[139]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4o3pListSPos"
obj[140]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky1S"
obj[141]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky2S"
obj[142]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky3S"
obj[143]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky4S"
obj[144]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC1o4d3eOfSFinalAd"
obj[145]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4i3m6eOfSFinalAd"
obj[146]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSD4s3tSSEnd"
obj[147]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CS4N3a6tionSCode"
obj[148]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSP4D3om"
obj[149]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4n3ProgSCab"
obj[150]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4n3ProgSEx"
obj[151]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4n3ProgSLstest"
obj[152]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSL4a3stSSChckin"
obj[153]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSB4D3om"
obj[154]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC4u3rrentSMode"
obj[155]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC4n3tFyl"
obj[156]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSM4o3deSSync"
obj[157]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSBath"
obj[158]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSysSInf"
obj[159]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSCheckSIn"
obj[160]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSMots"
obj[161]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSL4n3Title"
obj[162]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4g3noreS"
obj[163]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSL4a3stMotsSDay"
obj[164]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSS4t3atusOfSInst"
obj[210]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "farmmext"
obj[231]=File : c:\windows\farmmext.exe
obj[233]=File : C:\windows\ceres.dll
obj[241]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI2D4A.tmp\ceres.cab
obj[242]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI2D4A.tmp\ceres.dll
obj[243]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI6D95.tmp\farmmext.cab
obj[244]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI6D95.tmp\farmmext.exe
IMISERVER IEPLUGIN
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[38]=Process : C:\windows\systb.dll
obj[67]=Regkey : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
obj[68]=RegValue : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} ""
obj[69]=Regkey : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
obj[70]=RegValue : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a} ""
obj[71]=Regkey : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
obj[72]=RegValue : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7} ""
obj[73]=Regkey : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
obj[74]=RegValue : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c} ""
obj[75]=Regkey : clsid\{f3155057-4c2c-4078-8576-50486693fd49}
obj[76]=RegValue : clsid\{f3155057-4c2c-4078-8576-50486693fd49} ""
obj[77]=Regkey : imitoolbar.bottomframe
obj[78]=RegValue : imitoolbar.bottomframe ""
obj[79]=Regkey : imitoolbar.bottomframe.1
obj[80]=RegValue : imitoolbar.bottomframe.1 ""
obj[81]=Regkey : imitoolbar.leftframe
obj[82]=RegValue : imitoolbar.leftframe ""
obj[83]=Regkey : imitoolbar.leftframe.1
obj[84]=RegValue : imitoolbar.leftframe.1 ""
obj[85]=Regkey : imitoolbar.popupbrowser
obj[86]=RegValue : imitoolbar.popupbrowser ""
obj[87]=Regkey : imitoolbar.popupbrowser.1
obj[88]=RegValue : imitoolbar.popupbrowser.1 ""
obj[89]=Regkey : imitoolbar.popupwindow
obj[90]=RegValue : imitoolbar.popupwindow ""
obj[91]=Regkey : imitoolbar.popupwindow.1
obj[92]=RegValue : imitoolbar.popupwindow.1 ""
obj[93]=Regkey : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
obj[94]=RegValue : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7} ""
obj[95]=Regkey : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
obj[96]=RegValue : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64} ""
obj[97]=Regkey : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
obj[98]=RegValue : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0} ""
obj[99]=Regkey : interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
obj[100]=RegValue : interface\{98b2ddba-6da2-4421-af2b-814e98f53649} ""
obj[101]=Regkey : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
obj[102]=Regkey : wbho.band
obj[103]=RegValue : wbho.band ""
obj[104]=Regkey : wbho.band.1
obj[105]=RegValue : wbho.band.1 ""
obj[106]=Regkey : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
obj[107]=RegValue : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52} ""
obj[108]=Regkey : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
obj[109]=RegValue : interface\{3e589169-86ad-44fe-b426-f0bf105d5582} ""
obj[185]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
obj[220]=Regkey : remove
obj[221]=Regkey : software\intexp
obj[222]=RegValue : software\intexp "IID"
obj[223]=RegValue : software\intexp "Version"
obj[224]=RegValue : software\intexp "Date"
obj[225]=RegValue : software\intexp "bid"
obj[226]=RegValue : software\microsoft\internet explorer\toolbar "{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}"
obj[234]=File : C:\windows\systb.dll
obj[235]=File : C:\windows\systb.exe
obj[261]=File : C:\windows\lu.dat
obj[262]=File : C:\windows\redir.txt
obj[263]=File : C:\windows\wupdt.exe
ADINTELLIGENCE.APROPOSTOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[40]=Regkey : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}
obj[41]=Regkey : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
obj[42]=RegValue : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904} ""
obj[43]=Regkey : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
obj[44]=RegValue : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10} ""
obj[166]=Regkey : software\microsoft\windows\currentversion\uninstall\aproposclient
obj[167]=RegValue : software\microsoft\windows\currentversion\uninstall\aproposclient "UninstallString"
obj[168]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}
BOOKEDSPACE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[45]=Regkey : appid\bookedspace.dll
obj[46]=RegValue : appid\bookedspace.dll "AppID"
obj[47]=Regkey : bookedspace.extension
obj[48]=RegValue : bookedspace.extension ""
obj[49]=Regkey : bookedspace.extension.5
obj[50]=RegValue : bookedspace.extension.5 ""
obj[51]=Regkey : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
obj[52]=Regkey : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
obj[53]=RegValue : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} ""
obj[54]=Regkey : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
obj[55]=RegValue : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622} ""
obj[56]=Regkey : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
obj[57]=RegValue : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9} ""
obj[58]=RegValue : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9} "AppID"
obj[169]=Regkey : software\bookedspace
obj[170]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
obj[264]=File : C:\windows\bsx32.ini
EZULA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[59]=Regkey : ezulabootexe.installctrl.1
obj[60]=RegValue : ezulabootexe.installctrl.1 ""
obj[61]=Regkey : ezulabootexe.installctrl
obj[62]=RegValue : ezulabootexe.installctrl ""
obj[63]=Regkey : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
obj[64]=RegValue : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} ""
obj[65]=RegValue : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} "AppID"
obj[66]=Regkey : typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}
obj[126]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula
obj[127]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "TPV"
obj[128]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "PP"
obj[129]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "NP"
obj[130]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "ZP"
obj[131]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "EP"
obj[132]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "HP"
obj[133]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "BP"
obj[134]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "WP"
obj[171]=Regkey : software\classes\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}
obj[172]=Regkey : software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}
obj[173]=RegValue : software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be} ""
obj[174]=Regkey : software\classes\ezulabootexe.installctrl.1
obj[175]=RegValue : software\classes\ezulabootexe.installctrl.1 ""
obj[176]=Regkey : software\classes\ezulabootexe.installctrl
obj[177]=RegValue : software\classes\ezulabootexe.installctrl ""
obj[178]=Regkey : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
obj[179]=RegValue : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} ""
obj[180]=RegValue : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} "AppID"
obj[181]=Regkey : software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}
obj[182]=RegValue : software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be} ""
obj[183]=Regkey : software\classes\appid\ezulabootexe.exe
obj[184]=RegValue : software\classes\appid\ezulabootexe.exe "AppID"
obj[191]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula
obj[192]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "TPV"
obj[193]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "PP"
obj[194]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "NP"
obj[195]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "ZP"
obj[196]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "EP"
obj[197]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "HP"
obj[198]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "BP"
obj[199]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "WP"
obj[227]=Regkey : software\microsoft\downloadmanager
obj[240]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\temp.fr3EEC
obj[265]=File : C:\windows\System32\ezstub.exe
SAHAGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[119]=Regkey : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2}
obj[120]=RegValue : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2} ""
obj[121]=Regkey : typelib\{cde442a3-dc2c-467e-a311-b4bc775d86c5}
obj[122]=Regkey : webinstaller.execute
obj[123]=RegValue : webinstaller.execute ""
obj[124]=Regkey : webinstaller.execute.1
obj[125]=RegValue : webinstaller.execute.1 ""
obj[232]=File : C:\windows\a95kfrhe.exe
obj[238]=File : C:\windows\System32\qh4mkbv9.dll
ROINGS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[200]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\intexp "Date"
OTHER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[201]=RegValue : software\microsoft\windows\currentversion\run "Win Server Updt"
obj[268]=File : C:\windows\prefetch\INSTSRV.EXE-19F0DFEC.pf
POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[202]=RegData : Software\Microsoft\Internet Explorer\Main "Search Page"
obj[203]=RegData : Software\Microsoft\Internet Explorer\Main "Search Bar"
obj[204]=RegData : Software\Microsoft\Internet Explorer\Search "SearchAssistant"
obj[205]=RegData : Software\Microsoft\Internet Explorer\Search "CustomizeSearch"
obj[206]=RegData : S-1-5-21-602162358-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main "Search Page"
obj[207]=RegData : S-1-5-21-602162358-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main "Search Bar"
obj[208]=RegData : S-1-5-21-602162358-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL ""
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[211]=IECache Entry : Cookie:owner@pacificpoker.com/
obj[212]=IECache Entry : Cookie:owner@jseedcorn.cjt1.net/HTM/382/0
obj[213]=IECache Entry : Cookie:owner@tickle.com/
BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[228]=Folder : C:\Program Files\BullsEye Network
obj[229]=Folder : C:\Program Files\NaviSearch
obj[237]=File : C:\windows\System32\instsrv.exe
obj[266]=File : C:\windows\autoheal.exe
obj[267]=File : C:\windows\System32\mqexdlm.srg
WINDUPDATES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[236]=File : C:\windows\System32\ide21201.vxd
Thanks in Advance!
ArchiveData(auto-quarantine- 2005-04-18 15-08-07.bckp)
Referencefile : SE1R38 11.04.2005
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent\09638TIR.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Owner\recent\100ALBUM.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Owner\recent\100SMDVC.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\Owner\recent\11.lnk
obj[4]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\search assistant\acmru\5001
obj[5]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[6]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\acs
obj[7]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ASF
obj[8]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ASM
obj[9]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[10]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.chm
obj[11]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.cl5
obj[12]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.cpp
obj[13]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[14]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.htm
obj[15]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.JPG
obj[16]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[17]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mht
obj[18]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pdf
obj[19]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.pps
obj[20]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.ppt
obj[21]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rtf
obj[22]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[23]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c1
obj[24]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c2
obj[25]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c3
obj[26]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles\c4
obj[27]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[28]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\player\settings opendir
obj[29]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[30]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[31]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[32]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\excel\recent files
obj[33]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\powerpoint\recent file list
obj[34]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru value
obj[35]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist
obj[36]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\internet explorer\main save directory
obj[37]=MRU FileReference : C:\Documents and Settings\Owner\recent\CE7.lnk
obj[38]=MRU FileReference : C:\Documents and Settings\Owner\recent\CE9.lnk
obj[39]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM.lnk
obj[40]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM_Resume (2).lnk
obj[41]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM_Resume.lnk
obj[42]=MRU FileReference : C:\Documents and Settings\Owner\recent\CLM_Resume_School.lnk
obj[43]=MRU FileReference : C:\Documents and Settings\Owner\recent\Concentration_Courses.lnk
obj[44]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cornrows.lnk
obj[45]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 001.lnk
obj[46]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 050.lnk
obj[47]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentSkins1
obj[48]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[49]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 067.lnk
obj[50]=MRU FileReference : C:\Documents and Settings\Owner\recent\Cruise Vacation 105.lnk
obj[51]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips1
obj[52]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips2
obj[53]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips3
obj[54]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips4
obj[55]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips5
obj[56]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips6
obj[57]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips7
obj[58]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\realnetworks\realplayer\6.0\preferences\MostRecentClips8
obj[59]=MRU FileReference : C:\Documents and Settings\Owner\recent\Euclid.lnk
obj[60]=MRU FileReference : C:\Documents and Settings\Owner\recent\fafsa email.lnk
obj[61]=MRU FileReference : C:\Documents and Settings\Owner\recent\february events.lnk
obj[62]=MRU FileReference : C:\Documents and Settings\Owner\recent\File0005.lnk
obj[63]=MRU FileReference : C:\Documents and Settings\Owner\recent\File0009.lnk
obj[64]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\internet explorer download directory
obj[65]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[66]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\microsoft management console\recent file list
obj[67]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\player\settings saveasdir
obj[68]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\common\general symbolmru
obj[69]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences cdrecordpath
obj[70]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\internet explorer\typedurls
obj[71]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41C23512.MSG-1-STAND%20UP%20OR%20SHUT%20UP%202.doc.lnk
obj[72]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41C682D5.MSG-1-YOGAword.doc.lnk
obj[73]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41C90934.MSG-1-MEMO-%20Pollard%20Resignation.doc.lnk
obj[74]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41DA8E75.MSG-2-Monday%20e_board%20meeting.doc.lnk
obj[75]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP41DCCC69.MSG-1-INTEREST%20MEETING.doc.lnk
obj[76]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences lastplaylist
obj[77]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bennett25.bennett.edu81-MBX-cmoore-ATTSMTP42236EE0.MSG-1-HIV%20Testing%20Today.doc.lnk
obj[78]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\office\10.0\clip organizer\search\last query
obj[79]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\preferences searchpath
obj[80]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\mediaplayer\medialibraryui mllastselectednode
obj[81]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[82]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows media\wmsdk\general computername
obj[83]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--bnc.mbhs.edu-media-FTM_11-07-02.doc.lnk
obj[84]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--faculty.washington.edu-qtaylor-Courses-322_AAH-322_Manual.doc.lnk
obj[85]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--www.comp.nus.edu.sg-~noi-tasks-1999-tasks99.doc.lnk
obj[86]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--www.si.umich.edu-Classes-540-Readings-ProgrammingLanguages.doc.lnk
obj[87]=MRU FileReference : C:\Documents and Settings\Owner\recent\http--www.suno.edu-pesmact-hbcu-up2005-Conference.doc.lnk
obj[88]=MRU FileReference : C:\Documents and Settings\Owner\recent\https--www.nsa.gov-applyonline-psft-V1625518726-CLM_Resume_School.doc.lnk
obj[89]=MRU FileReference : C:\Documents and Settings\Owner\recent\HW7_Back.lnk
obj[90]=MRU FileReference : C:\Documents and Settings\Owner\recent\HW7_Front.lnk
obj[91]=MRU FileReference : C:\Documents and Settings\Owner\recent\IAAB.lnk
obj[92]=MRU FileReference : C:\Documents and Settings\Owner\recent\IBM_Site.lnk
obj[93]=MRU FileReference : C:\Documents and Settings\Owner\recent\IBM_Site2.lnk
obj[94]=MRU FileReference : C:\Documents and Settings\Owner\recent\Increment.lnk
obj[95]=MRU FileReference : C:\Documents and Settings\Owner\recent\Internet Explorer.lnk
obj[96]=MRU FileReference : C:\Documents and Settings\Owner\recent\ISP Concentration confirmation form.lnk
obj[97]=MRU FileReference : C:\Documents and Settings\Owner\recent\ISP Internship confirmation form 05.lnk
obj[98]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB3 (2).lnk
obj[99]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB3.lnk
obj[100]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5 (2).lnk
obj[101]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5.lnk
obj[102]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5_2.lnk
obj[103]=MRU FileReference : C:\Documents and Settings\Owner\recent\LAB5_PAR.lnk
obj[104]=MRU FileReference : C:\Documents and Settings\Owner\recent\Labpg2.lnk
obj[105]=MRU FileReference : C:\Documents and Settings\Owner\recent\manual.lnk
obj[106]=MRU FileReference : C:\Documents and Settings\Owner\recent\ME.lnk
obj[107]=MRU FileReference : C:\Documents and Settings\Owner\recent\Me3.lnk
obj[108]=MRU FileReference : C:\Documents and Settings\Owner\recent\me5.lnk
obj[109]=MRU FileReference : C:\Documents and Settings\Owner\recent\Me@A&T.lnk
obj[110]=MRU FileReference : C:\Documents and Settings\Owner\recent\Media.lnk
obj[111]=MRU FileReference : C:\Documents and Settings\Owner\recent\Missing3578.lnk
obj[112]=MRU FileReference : C:\Documents and Settings\Owner\recent\My Love.lnk
obj[113]=MRU FileReference : C:\Documents and Settings\Owner\recent\My Music.lnk
obj[114]=MRU FileReference : C:\Documents and Settings\Owner\recent\My Pictures.lnk
obj[115]=MRU FileReference : C:\Documents and Settings\Owner\recent\NAA.lnk
obj[116]=MRU FileReference : C:\Documents and Settings\Owner\recent\Nat_Turner.lnk
obj[117]=MRU FileReference : C:\Documents and Settings\Owner\recent\NG_Diversity_Scholarship.lnk
obj[118]=MRU FileReference : C:\Documents and Settings\Owner\recent\NG_Scholarship_App.lnk
obj[119]=MRU FileReference : C:\Documents and Settings\Owner\recent\Northrop_Grumman_Scholarship.lnk
obj[120]=MRU FileReference : C:\Documents and Settings\Owner\recent\Northrop_Grumman_Scholarship.txt.lnk
obj[121]=MRU FileReference : C:\Documents and Settings\Owner\recent\Notes.lnk
obj[122]=MRU FileReference : C:\Documents and Settings\Owner\recent\NSBE_Registration_Confirmation.lnk
obj[123]=MRU FileReference : C:\Documents and Settings\Owner\recent\Personality.lnk
obj[124]=MRU FileReference : C:\Documents and Settings\Owner\recent\phone.lnk
obj[125]=MRU FileReference : C:\Documents and Settings\Owner\recent\Play_Critique.lnk
obj[126]=MRU FileReference : C:\Documents and Settings\Owner\recent\PracticeSD2.lnk
obj[127]=MRU FileReference : C:\Documents and Settings\Owner\recent\PracticeStateDiagram.lnk
obj[128]=MRU FileReference : C:\Documents and Settings\Owner\recent\PrettyinHotPink&Black.lnk
obj[129]=MRU FileReference : C:\Documents and Settings\Owner\recent\PYLAB.lnk
obj[130]=MRU FileReference : C:\Documents and Settings\Owner\recent\RCP (2).lnk
obj[131]=MRU FileReference : C:\Documents and Settings\Owner\recent\RCP (3).lnk
obj[132]=MRU FileReference : C:\Documents and Settings\Owner\recent\RCP.lnk
obj[133]=MRU FileReference : C:\Documents and Settings\Owner\recent\Reese.lnk
obj[134]=MRU FileReference : C:\Documents and Settings\Owner\recent\rita.lnk
obj[135]=MRU FileReference : C:\Documents and Settings\Owner\recent\Schedule.lnk
obj[136]=MRU FileReference : C:\Documents and Settings\Owner\recent\sequence2_jpg (2).lnk
obj[137]=MRU FileReference : C:\Documents and Settings\Owner\recent\sequence2_jpg.lnk
obj[138]=MRU FileReference : C:\Documents and Settings\Owner\recent\SequentialCircuit.lnk
obj[139]=MRU FileReference : C:\Documents and Settings\Owner\recent\SMOV0002.lnk
obj[140]=MRU FileReference : C:\Documents and Settings\Owner\recent\SMOV0003.lnk
obj[141]=MRU FileReference : C:\Documents and Settings\Owner\recent\StateTable.lnk
obj[142]=MRU FileReference : C:\Documents and Settings\Owner\recent\sum.lnk
obj[143]=MRU FileReference : C:\Documents and Settings\Owner\recent\sum.txt on unix.uncg.edu.lnk
obj[144]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 10.lnk
obj[145]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 11.lnk
obj[146]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 13.lnk
obj[147]=MRU FileReference : C:\Documents and Settings\Owner\recent\Summary 8 (2).lnk
obj[148]=MRU FileReference : C:\Documents and Settings\Owner\recent\T&C.lnk
obj[149]=MRU FileReference : C:\Documents and Settings\Owner\recent\TC_CCPaper.lnk
obj[150]=MRU FileReference : C:\Documents and Settings\Owner\recent\Teresa Stephanie King (Letter)[1].lnk
obj[151]=MRU FileReference : C:\Documents and Settings\Owner\recent\TH.lnk
obj[152]=MRU FileReference : C:\Documents and Settings\Owner\recent\Title.lnk
obj[153]=MRU FileReference : C:\Documents and Settings\Owner\recent\TSK_Personal Statement[1].lnk
obj[154]=MRU FileReference : C:\Documents and Settings\Owner\recent\Tweet.lnk
obj[155]=MRU FileReference : C:\Documents and Settings\Owner\recent\Tweete.lnk
obj[156]=MRU FileReference : C:\Documents and Settings\Owner\recent\uncf.lnk
obj[157]=MRU FileReference : C:\Documents and Settings\Owner\recent\unix.uncg.edu.lnk
obj[158]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unofficial Transcript (2).lnk
obj[159]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unofficial Transcript.lnk
obj[160]=MRU FileReference : C:\Documents and Settings\Owner\recent\Unofficial_Transcript.lnk
obj[161]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (2).lnk
obj[162]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (3).lnk
obj[163]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (4).lnk
obj[164]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (5).lnk
obj[165]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (6).lnk
obj[166]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank (7).lnk
obj[167]=MRU FileReference : C:\Documents and Settings\Owner\recent\Word Bank.lnk
obj[168]=MRU FileReference : C:\Documents and Settings\Owner\recent\WOULD YOU LIKE TO TRAVEL.lnk
obj[169]=MRU FileReference : C:\Documents and Settings\Owner\recent\YI90DXL5.lnk
obj[171]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
obj[172]=MRU RegReference : S-1-5-21-602162358-1644491937-682003330-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
PEOPLEONPAGE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[35]=Process : C:\Program Files\AutoUpdate\AutoUpdate.exe
obj[39]=Process : C:\Program Files\CxtPls\ace.dll
obj[165]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\software\apropos
obj[186]=Regkey : software\apropos
obj[187]=Regkey : software\envolo
obj[188]=Regkey : software\microsoft\windows\currentversion\uninstall\autoupdate
obj[189]=RegValue : software\microsoft\windows\currentversion\uninstall\autoupdate "UninstallString"
obj[209]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "AutoUpdater"
obj[214]=Regkey : software\autoloader
obj[215]=Folder : C:\Program Files\AutoUpdate
obj[216]=Folder : C:\DOCUME~1\Owner\LOCALS~1\Temp\AutoUpdate0
obj[217]=Folder : C:\DOCUME~1\Owner\LOCALS~1\Temp\Atf
obj[230]=File : c:\program files\autoupdate\autoupdate.exe
obj[239]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\AutoUpdate0\auto_update_install.exe
obj[245]=File : C:\Program Files\autoupdate\libexpat.dll
obj[246]=File : C:\windows\System32\auto_update_uninstall.exe
obj[247]=File : C:\windows\System32\auto_update_uninstall.log
obj[248]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\autoupdate0\setup.inf
obj[249]=File : C:\Program Files\cxtpls\ace.dll
obj[250]=File : C:\Program Files\cxtpls\AI_17-04-2005.log
obj[251]=File : C:\Program Files\cxtpls\AI_18-04-2005.log
obj[252]=File : C:\Program Files\cxtpls\atl.dll
obj[253]=File : C:\Program Files\cxtpls\CxtPls.dll
obj[254]=File : C:\Program Files\cxtpls\CxtPls.exe
obj[255]=File : C:\Program Files\cxtpls\data.bin
obj[256]=File : C:\Program Files\cxtpls\libexpat.dll
obj[257]=File : C:\Program Files\cxtpls\ProxyStub.dll
obj[258]=File : C:\Program Files\cxtpls\uninstaller.exe
obj[259]=File : C:\Program Files\cxtpls\WinGenerics.dll
VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[36]=Process : C:\windows\system32\zthlximr.exe
obj[190]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000049-8f91-4d9c-9573-f016e7626484}
obj[218]=RegValue : software\microsoft\internet explorer\toolbar\webbrowser "{0E5CBF21-D15F-11D0-8301-00AA005B4383}"
obj[219]=Folder : C:\DOCUME~1\Owner\LOCALS~1\Temp\DrTemp
obj[260]=File : C:\windows\wininit.ini
MEDIAMOTOR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[37]=Process : C:\windows\ceres.dll
obj[110]=Regkey : ceresdll.ceresdllobj
obj[111]=RegValue : ceresdll.ceresdllobj ""
obj[112]=Regkey : clsid\{00000049-8f91-4d9c-9573-f016e7626484}
obj[113]=RegValue : clsid\{00000049-8f91-4d9c-9573-f016e7626484} ""
obj[114]=Regkey : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
obj[115]=RegValue : interface\{bb0d5adc-028d-4185-9288-722ddce2c757} ""
obj[116]=Regkey : ceresdll.ceresdllobj.1
obj[117]=RegValue : ceresdll.ceresdllobj.1 ""
obj[118]=Regkey : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
obj[135]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres
obj[136]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4d3OfSInst"
obj[137]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC4n3trMsgSDisp"
obj[138]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4d3OfSDist"
obj[139]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4o3pListSPos"
obj[140]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky1S"
obj[141]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky2S"
obj[142]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky3S"
obj[143]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSs4t3icky4S"
obj[144]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC1o4d3eOfSFinalAd"
obj[145]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4i3m6eOfSFinalAd"
obj[146]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSD4s3tSSEnd"
obj[147]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CS4N3a6tionSCode"
obj[148]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSP4D3om"
obj[149]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4n3ProgSCab"
obj[150]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4n3ProgSEx"
obj[151]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4n3ProgSLstest"
obj[152]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSL4a3stSSChckin"
obj[153]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSB4D3om"
obj[154]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC4u3rrentSMode"
obj[155]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSC4n3tFyl"
obj[156]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSM4o3deSSync"
obj[157]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSBath"
obj[158]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSysSInf"
obj[159]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSCheckSIn"
obj[160]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CST4h3rshSMots"
obj[161]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSL4n3Title"
obj[162]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSI4g3noreS"
obj[163]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSL4a3stMotsSDay"
obj[164]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ceres "CSS4t3atusOfSInst"
obj[210]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "farmmext"
obj[231]=File : c:\windows\farmmext.exe
obj[233]=File : C:\windows\ceres.dll
obj[241]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI2D4A.tmp\ceres.cab
obj[242]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI2D4A.tmp\ceres.dll
obj[243]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI6D95.tmp\farmmext.cab
obj[244]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\THI6D95.tmp\farmmext.exe
IMISERVER IEPLUGIN
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[38]=Process : C:\windows\systb.dll
obj[67]=Regkey : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
obj[68]=RegValue : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} ""
obj[69]=Regkey : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
obj[70]=RegValue : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a} ""
obj[71]=Regkey : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
obj[72]=RegValue : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7} ""
obj[73]=Regkey : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
obj[74]=RegValue : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c} ""
obj[75]=Regkey : clsid\{f3155057-4c2c-4078-8576-50486693fd49}
obj[76]=RegValue : clsid\{f3155057-4c2c-4078-8576-50486693fd49} ""
obj[77]=Regkey : imitoolbar.bottomframe
obj[78]=RegValue : imitoolbar.bottomframe ""
obj[79]=Regkey : imitoolbar.bottomframe.1
obj[80]=RegValue : imitoolbar.bottomframe.1 ""
obj[81]=Regkey : imitoolbar.leftframe
obj[82]=RegValue : imitoolbar.leftframe ""
obj[83]=Regkey : imitoolbar.leftframe.1
obj[84]=RegValue : imitoolbar.leftframe.1 ""
obj[85]=Regkey : imitoolbar.popupbrowser
obj[86]=RegValue : imitoolbar.popupbrowser ""
obj[87]=Regkey : imitoolbar.popupbrowser.1
obj[88]=RegValue : imitoolbar.popupbrowser.1 ""
obj[89]=Regkey : imitoolbar.popupwindow
obj[90]=RegValue : imitoolbar.popupwindow ""
obj[91]=Regkey : imitoolbar.popupwindow.1
obj[92]=RegValue : imitoolbar.popupwindow.1 ""
obj[93]=Regkey : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
obj[94]=RegValue : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7} ""
obj[95]=Regkey : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
obj[96]=RegValue : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64} ""
obj[97]=Regkey : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
obj[98]=RegValue : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0} ""
obj[99]=Regkey : interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
obj[100]=RegValue : interface\{98b2ddba-6da2-4421-af2b-814e98f53649} ""
obj[101]=Regkey : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
obj[102]=Regkey : wbho.band
obj[103]=RegValue : wbho.band ""
obj[104]=Regkey : wbho.band.1
obj[105]=RegValue : wbho.band.1 ""
obj[106]=Regkey : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
obj[107]=RegValue : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52} ""
obj[108]=Regkey : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
obj[109]=RegValue : interface\{3e589169-86ad-44fe-b426-f0bf105d5582} ""
obj[185]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
obj[220]=Regkey : remove
obj[221]=Regkey : software\intexp
obj[222]=RegValue : software\intexp "IID"
obj[223]=RegValue : software\intexp "Version"
obj[224]=RegValue : software\intexp "Date"
obj[225]=RegValue : software\intexp "bid"
obj[226]=RegValue : software\microsoft\internet explorer\toolbar "{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}"
obj[234]=File : C:\windows\systb.dll
obj[235]=File : C:\windows\systb.exe
obj[261]=File : C:\windows\lu.dat
obj[262]=File : C:\windows\redir.txt
obj[263]=File : C:\windows\wupdt.exe
ADINTELLIGENCE.APROPOSTOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[40]=Regkey : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}
obj[41]=Regkey : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
obj[42]=RegValue : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904} ""
obj[43]=Regkey : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
obj[44]=RegValue : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10} ""
obj[166]=Regkey : software\microsoft\windows\currentversion\uninstall\aproposclient
obj[167]=RegValue : software\microsoft\windows\currentversion\uninstall\aproposclient "UninstallString"
obj[168]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}
BOOKEDSPACE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[45]=Regkey : appid\bookedspace.dll
obj[46]=RegValue : appid\bookedspace.dll "AppID"
obj[47]=Regkey : bookedspace.extension
obj[48]=RegValue : bookedspace.extension ""
obj[49]=Regkey : bookedspace.extension.5
obj[50]=RegValue : bookedspace.extension.5 ""
obj[51]=Regkey : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
obj[52]=Regkey : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
obj[53]=RegValue : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} ""
obj[54]=Regkey : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
obj[55]=RegValue : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622} ""
obj[56]=Regkey : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
obj[57]=RegValue : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9} ""
obj[58]=RegValue : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9} "AppID"
obj[169]=Regkey : software\bookedspace
obj[170]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
obj[264]=File : C:\windows\bsx32.ini
EZULA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[59]=Regkey : ezulabootexe.installctrl.1
obj[60]=RegValue : ezulabootexe.installctrl.1 ""
obj[61]=Regkey : ezulabootexe.installctrl
obj[62]=RegValue : ezulabootexe.installctrl ""
obj[63]=Regkey : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
obj[64]=RegValue : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} ""
obj[65]=RegValue : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} "AppID"
obj[66]=Regkey : typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}
obj[126]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula
obj[127]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "TPV"
obj[128]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "PP"
obj[129]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "NP"
obj[130]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "ZP"
obj[131]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "EP"
obj[132]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "HP"
obj[133]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "BP"
obj[134]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\ezula "WP"
obj[171]=Regkey : software\classes\typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}
obj[172]=Regkey : software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}
obj[173]=RegValue : software\classes\interface\{c03351a3-6755-11d4-8a73-0050da2ee1be} ""
obj[174]=Regkey : software\classes\ezulabootexe.installctrl.1
obj[175]=RegValue : software\classes\ezulabootexe.installctrl.1 ""
obj[176]=Regkey : software\classes\ezulabootexe.installctrl
obj[177]=RegValue : software\classes\ezulabootexe.installctrl ""
obj[178]=Regkey : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
obj[179]=RegValue : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} ""
obj[180]=RegValue : software\classes\clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be} "AppID"
obj[181]=Regkey : software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be}
obj[182]=RegValue : software\classes\appid\{c0335198-6755-11d4-8a73-0050da2ee1be} ""
obj[183]=Regkey : software\classes\appid\ezulabootexe.exe
obj[184]=RegValue : software\classes\appid\ezulabootexe.exe "AppID"
obj[191]=Regkey : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula
obj[192]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "TPV"
obj[193]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "PP"
obj[194]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "NP"
obj[195]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "ZP"
obj[196]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "EP"
obj[197]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "HP"
obj[198]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "BP"
obj[199]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\\software\ezula "WP"
obj[227]=Regkey : software\microsoft\downloadmanager
obj[240]=File : C:\DOCUME~1\Owner\LOCALS~1\Temp\temp.fr3EEC
obj[265]=File : C:\windows\System32\ezstub.exe
SAHAGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[119]=Regkey : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2}
obj[120]=RegValue : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2} ""
obj[121]=Regkey : typelib\{cde442a3-dc2c-467e-a311-b4bc775d86c5}
obj[122]=Regkey : webinstaller.execute
obj[123]=RegValue : webinstaller.execute ""
obj[124]=Regkey : webinstaller.execute.1
obj[125]=RegValue : webinstaller.execute.1 ""
obj[232]=File : C:\windows\a95kfrhe.exe
obj[238]=File : C:\windows\System32\qh4mkbv9.dll
ROINGS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[200]=RegValue : S-1-5-21-602162358-1644491937-682003330-1003\software\intexp "Date"
OTHER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[201]=RegValue : software\microsoft\windows\currentversion\run "Win Server Updt"
obj[268]=File : C:\windows\prefetch\INSTSRV.EXE-19F0DFEC.pf
POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[202]=RegData : Software\Microsoft\Internet Explorer\Main "Search Page"
obj[203]=RegData : Software\Microsoft\Internet Explorer\Main "Search Bar"
obj[204]=RegData : Software\Microsoft\Internet Explorer\Search "SearchAssistant"
obj[205]=RegData : Software\Microsoft\Internet Explorer\Search "CustomizeSearch"
obj[206]=RegData : S-1-5-21-602162358-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main "Search Page"
obj[207]=RegData : S-1-5-21-602162358-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Main "Search Bar"
obj[208]=RegData : S-1-5-21-602162358-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL ""
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[211]=IECache Entry : Cookie:owner@pacificpoker.com/
obj[212]=IECache Entry : Cookie:owner@jseedcorn.cjt1.net/HTM/382/0
obj[213]=IECache Entry : Cookie:owner@tickle.com/
BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[228]=Folder : C:\Program Files\BullsEye Network
obj[229]=Folder : C:\Program Files\NaviSearch
obj[237]=File : C:\windows\System32\instsrv.exe
obj[266]=File : C:\windows\autoheal.exe
obj[267]=File : C:\windows\System32\mqexdlm.srg
WINDUPDATES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[236]=File : C:\windows\System32\ide21201.vxd
0
Comments
PLEASE DO NOT POST SPYWARE PROBLEMS IN THIS FORUM
This is a forum ONLY for non-booting emergencies or other major hardware failure
If you have a spyware problem, please post it to the SVT forum:
Spyware/Virus/Trojan Discussion
This post will be moved to our Spyware/Virus/Trojan Discussion Forum for assistance there. Look for your post there.
*** PLEASE DO NOT POST LOGS FROM AD AWARE OR SPYBOT UNLESS YOU ARE REQUESTED TO DO SO! THEY ARE TOO LOOOOOONG. STICK TO LOGS FROM HIJACK THIS.***
In the meantime, follow These Instructions to run a program called Hijack This, and post your log file from that program into this thread.
Dexter...