desktop.exe and friends



#16
leftyelvis (Member, Topic Starter)
Reset the restore points, ran a new HJT log. Still couldn't delete that file in safe mode.


Logfile of HijackThis v1.99.1
Scan saved at 12:12:42 AM, on 4/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\vzmavz.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0



#17
leftyelvis (Member, Topic Starter)
ran the ccleaner also
  • 0

#18
coachwife6 (SuperStar, Retired Staff)
I'm about to leave for a little while. I'll look at it first thing when I get back. Give me a couple of hours.
  • 0

#19
coachwife6 (SuperStar, Retired Staff)
Is system restore still off? Make sure you do that and set new restore points. Give me a fresh log.
  • 0

#20
leftyelvis (Member, Topic Starter)
Reset the restore points; here is the new log.


Logfile of HijackThis v1.99.1
Scan saved at 8:50:25 PM, on 4/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0
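
The log above and the one in post #16 differ in only a handful of lines, and those lines are what a helper looks at first. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses two HijackThis logs and reports which processes and entries changed; the sample logs are abridged excerpts of the logs in posts #16 and #20, and the names `parse_hjt` and `diff_logs` are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Abridged excerpt of the log in post #16 (most lines omitted).
LOG_POST_16 = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:12:42 AM, on 4/12/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vzmavz.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
"""

# Abridged excerpt of the log in post #20 (most lines omitted).
LOG_POST_20 = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:50:25 PM, on 4/12/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
"""


def parse_hjt(text):
    """Split a HijackThis log into (running processes, entries).

    Processes are lower-cased because Windows paths are case-insensitive
    and the same binary shows up as System32 and system32 in these logs.
    Entries are (section code, body) tuples.
    """
    processes, entries = set(), set()
    in_process_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_process_list = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first entry line ends the process list.
            in_process_list = False
            entries.add((match.group(1), match.group(2)))
        elif in_process_list and line:
            processes.add(line.lower())
    return processes, entries


def diff_logs(old_text, new_text):
    """Report what disappeared and what appeared between two scans."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    gone_procs = sorted(old_procs - new_procs)
    gone_entries = sorted(old_entries - new_entries)
    # Tie each vanished process to a vanished entry that launched it, so a
    # removed autostart and its process are reviewed as one item.
    linked = [
        (proc, code, body)
        for proc in gone_procs
        for code, body in gone_entries
        if proc in body.lower()
    ]
    return {
        "processes_gone": gone_procs,
        "processes_new": sorted(new_procs - old_procs),
        "entries_gone": gone_entries,
        "entries_new": sorted(new_entries - old_entries),
        "linked": linked,
    }


if __name__ == "__main__":
    result = diff_logs(LOG_POST_16, LOG_POST_20)
    for key, items in result.items():
        print(key)
        for item in items:
            print("   ", item)
```

A process that vanishes without a matching entry (here `wuauclt.exe`) was simply not running at scan time; a process that vanishes together with its Run entry was removed from startup.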

#21
coachwife6 (SuperStar, Retired Staff)
How is it running?
  • 0

#22
leftyelvis (Member, Topic Starter)
Computer is running fine, with the exception of Windows Media Player. I get an error message - an internal application error has occurred.

But when I run a scan on Pandasoft, I get 78 infected files. What should I do? Some of the files I can find, some I can't.

Thanks,

Lefty

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Lefty\Application Data\ssk?wrd.dll
Spyware:Spyware/Search3 No disinfected C:\WINDOWS\DOWNLO~1\search3.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\tyhetyt.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dosync.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\docore.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dolsp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING11.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ3.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\BM2.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MARKETING11.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MEDIAWHIZ3.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MEDIAWHIZ3.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MARKETING11.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\installer_MEDIAWHIZ5.exe
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050326-214356-863.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050328-131700-267.dll
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\UnInstaller.exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ll32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dlskcopy.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dsskadp.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[sjimgvw.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[nwlanui.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[imrtprio.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[cgyptdlg.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[rdgwizc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[sgnike.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[l04q0ah5ed4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[insutil.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[nhevtmsg.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[kldycc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[MZSCP.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dcprop.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[aulddial.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[amptif.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[mdl_qic.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[uytheme.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[vswwdm32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[jt6007jme.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[mrjava.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[wyadss.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[l4p20e7oeh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ajsmsext.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[lvnq0955e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[mirui.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[tipmib.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[kxdhu.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[iymontr.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[syhannel.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[kfdbu.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[fp8403lqe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[aza6lgjs16o6.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[gp80l3lm1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[k2080cduef080.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ir40l5hm1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[gprql3951.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[owbctrac.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dnwsockx.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[enn4l15q1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[DISPYDLL.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[i060lajm1doa.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[gpnsl3571.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[h4n00e5meh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[f4l00e3meh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[enn2l15o1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[h0l2la3o1d.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[m682lglo16qc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[hr4605hse.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[cZpicom.dll]
  • 0

#23
coachwife6 (SuperStar, Retired Staff)
Panda is now scanning for spyware/adware. But it's not cleaning it. Try adaware and spybot.

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
Then download Spybot S&D. Spybot

Update it. Run a full scan. Delete everything.

You have GOT to make sure you set new restore points and keep system restore off until I tell you. And clean out your temp. files.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your hard drive (most likely C: Drive). Right Click on the hard drive icon and click Properties at the bottom of the fly out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.


If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#24
leftyelvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
system restore is turned off

Logfile of HijackThis v1.99.1
Scan saved at 11:09:34 PM, on 4/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#25
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Lefty: I just realized I left you hanging. ;) I'm so sorry. Please post another log and I'll get after it right away. Sorry, sorry, sorry. :tazz:
  • 0


#26
leftyelvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
No problem Coach. I forgive you. Here is the latest.

Logfile of HijackThis v1.99.1
Scan saved at 9:59:29 PM, on 4/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#27
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Your log looks fine. That Panda scan, though. Yuck.

Make sure system restore is off.

Run this program: ccleaner


If there are any cookies you want to keep, make sure you don't delete them.

Run adaware again and panda again and give me those logs, along with a HJThis log.
  • 0

#28
leftyelvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
here is the panda scan

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Lefty\Application Data\ssk?wrd.dll
Adware:Adware/SearchRelevancy No disinfected Windows Registry
Spyware:Spyware/Search3 No disinfected C:\WINDOWS\DOWNLO~1\search3.dll
Adware:Adware/SearchTheWeb No disinfected Windows Registry
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\tyhetyt.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dosync.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\docore.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dolsp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING11.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ3.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\BM2.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MARKETING11.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MEDIAWHIZ3.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MEDIAWHIZ3.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MARKETING11.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\installer_MEDIAWHIZ5.exe
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050326-214356-863.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050328-131700-267.dll
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\UnInstaller.exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ll32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dlskcopy.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dsskadp.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[sjimgvw.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[nwlanui.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[imrtprio.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[cgyptdlg.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[rdgwizc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[sgnike.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[l04q0ah5ed4.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[insutil.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[nhevtmsg.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[kldycc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[MZSCP.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dcprop.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[aulddial.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[amptif.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[mdl_qic.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[uytheme.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[vswwdm32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[jt6007jme.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[mrjava.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[wyadss.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[l4p20e7oeh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ajsmsext.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[lvnq0955e.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[mirui.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[tipmib.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[kxdhu.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[iymontr.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[syhannel.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[kfdbu.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[fp8403lqe.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[aza6lgjs16o6.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[gp80l3lm1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[k2080cduef080.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ir40l5hm1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[gprql3951.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[owbctrac.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dnwsockx.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[enn4l15q1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[DISPYDLL.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[i060lajm1doa.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[gpnsl3571.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[h4n00e5meh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[f4l00e3meh.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[enn2l15o1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[h0l2la3o1d.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[m682lglo16qc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[hr4605hse.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[cZpicom.dll]
  • 0
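
Most entries in the Panda report above sit inside the l2mfix `backup.zip` and the `backups` folder next to HijackThis.exe rather than in live system locations. As an added example that is not part of the original posts, this Python code parses report lines in that layout and separates the two groups; the category names, the path markers and the treatment of `DOWNLO~1` as the short name of `Downloaded Program Files` are assumptions.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Sample lines taken from the scan report in the post above.
SAMPLE_REPORT = r"""Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dosync.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ5.exe
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050326-214356-863.inf
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[ll32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\l2mfix\backup.zip[dlskcopy.dll]
"""

# "<kind>:<name> <status> <location>", where the location is either the
# literal "Windows Registry" or a drive-letter path.
LINE_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+):(?P<name>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<location>Windows Registry|[A-Za-z]:\\.+)$"
)
# Archive members are reported as "container.zip[member.dll]".
MEMBER_RE = re.compile(r"^(?P<container>.+)\[(?P<member>[^\[\]]+)\]$")

# Assumed markers: copies kept by the removal tools themselves.
TOOL_BACKUP_MARKERS = (r"\l2mfix\backup.zip", r"\backups\backup-")
# Assumed prefixes for the ActiveX download cache (long and 8.3 short name).
ACTIVEX_CACHE_PREFIXES = (
    r"c:\windows\downloaded program files",
    r"c:\windows\downlo~1",
)


class Finding(NamedTuple):
    kind: str              # "Adware" or "Spyware"
    name: str              # e.g. "Adware/Look2Me"
    status: str            # e.g. "No disinfected"
    path: str              # file path, or "Windows Registry"
    member: Optional[str]  # file inside an archive, if any
    category: str          # see classify()


def classify(path: str) -> str:
    """Bucket a location so live files stand apart from tool backups."""
    low = path.lower()
    if low == "windows registry":
        return "registry"
    if any(marker in low for marker in TOOL_BACKUP_MARKERS):
        return "tool-backup"
    if low.startswith(ACTIVEX_CACHE_PREFIXES):
        return "activex-cache"
    return "live-file"


def parse_report(text: str) -> List[Finding]:
    """Parse report lines; the header and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        location, member = match["location"], None
        archive = MEMBER_RE.match(location)
        if archive:
            location, member = archive["container"], archive["member"]
        findings.append(Finding(match["kind"], match["name"], match["status"],
                                location, member, classify(location)))
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count detections per (category, name) pair."""
    return Counter((f.category, f.name) for f in findings)


def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Everything that is not a copy held in a removal tool's backup."""
    return [f for f in findings if f.category != "tool-backup"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for (category, name), count in sorted(summarize(parsed).items()):
        print(f"{category:14} {name:22} {count}")
    print("still to review:")
    for f in needs_attention(parsed):
        print(f"  {f.name}  {f.path}")
```
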

#29
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Try this:

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#30
leftyelvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here it is Coach! Thanks

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aż Context Menu Shell Extension"
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
drmclien.dll Fri Jan 28 2005 1:44:28p A.... 258,296 252.24 K
drmv2clt.dll Fri Jan 28 2005 1:44:28p A.... 502,272 490.50 K
blackbox.dll Fri Jan 28 2005 1:44:28p A.... 294,912 288.00 K
spmsg.dll Thu Feb 24 2005 7:35:06p ..... 14,048 13.72 K
wmspdmoe.dll Fri Jan 28 2005 1:44:28p A.... 940,544 918.50 K
wmvadvd.dll Fri Jan 28 2005 1:44:28p A.... 1,218,808 1.16 M
wmidx.dll Fri Jan 28 2005 1:44:28p A.... 150,016 146.50 K
qasf.dll Fri Jan 28 2005 1:44:28p A.... 221,184 216.00 K
wmpui.dll Fri Jan 28 2005 1:44:28p A.... 20,480 20.00 K
laprxy.dll Fri Jan 28 2005 1:44:28p A.... 6,656 6.50 K
wmvdmoe2.dll Fri Jan 28 2005 1:44:28p A.... 1,003,008 979.50 K
wmvadve.dll Fri Jan 28 2005 1:44:28p A.... 1,512,448 1.44 M
mswmdm.dll Fri Jan 28 2005 1:44:28p A.... 315,904 308.50 K
msscp.dll Fri Jan 28 2005 1:44:28p A.... 364,784 356.23 K
wmdmps.dll Fri Jan 28 2005 1:44:28p A.... 33,792 33.00 K
mspmsp.dll Fri Jan 28 2005 1:44:28p A.... 173,568 169.50 K
wmdmlog.dll Fri Jan 28 2005 1:44:28p A.... 28,160 27.50 K
cewmdm.dll Fri Jan 28 2005 1:44:28p A.... 164,864 161.00 K
wdfapi.dll Fri Jan 28 2005 1:44:28p A.... 15,872 15.50 K
wpd_ci.dll Fri Jan 28 2005 1:44:28p A.... 38,912 38.00 K
wpdmtp.dll Fri Jan 28 2005 1:44:28p A.... 114,176 111.50 K
wpdmtpdr.dll Fri Jan 28 2005 1:44:28p A.... 331,776 324.00 K
winsrv.dll Wed Mar 2 2005 2:20:04p A.... 277,504 271.00 K
wpdmtpus.dll Fri Jan 28 2005 1:44:28p A.... 66,560 65.00 K
wpdconns.dll Fri Jan 28 2005 1:44:28p A.... 61,952 60.50 K
wpdsp.dll Fri Jan 28 2005 1:44:28p A.... 331,264 323.50 K
wpdtrace.dll Fri Jan 28 2005 1:44:28p A.... 10,752 10.50 K
asferror.dll Fri Jan 28 2005 1:44:28p A.... 8,192 8.00 K
wmpdxm.dll Fri Jan 28 2005 1:44:28p A.... 282,624 276.00 K
wmpasf.dll Fri Jan 28 2005 1:44:28p A.... 135,168 132.00 K
wmp.dll Fri Jan 28 2005 1:44:28p A.... 5,525,504 5.27 M
wmpshell.dll Fri Jan 28 2005 1:44:28p A.... 86,016 84.00 K
wmploc.dll Fri Jan 28 2005 1:44:28p A.... 3,371,008 3.21 M
wmerror.dll Fri Jan 28 2005 1:44:28p A.... 189,440 185.00 K
wmpsrcwp.dll Fri Jan 28 2005 1:44:28p A.... 175,104 171.00 K
drmstor.dll Fri Jan 28 2005 1:44:28p A.... 96,768 94.50 K
msnetobj.dll Fri Jan 28 2005 1:44:28p A.... 142,336 139.00 K
wmpcd.dll Fri Jan 28 2005 1:44:28p A.... 20,480 20.00 K
iepeers.dll Fri Feb 18 2005 12:43:20p A.... 236,032 230.50 K
tyhetyt.dll Sat Apr 9 2005 10:11:06p A.... 27,136 26.50 K
wmpencen.dll Fri Jan 28 2005 1:44:28p A.... 1,594,880 1.52 M
wmvdmod.dll Fri Jan 28 2005 1:44:28p A.... 895,736 874.74 K
wmpcore.dll Fri Jan 28 2005 1:44:28p A.... 20,480 20.00 K
wmadmod.dll Fri Jan 28 2005 1:44:28p A.... 396,528 387.23 K
browseui.dll Fri Feb 18 2005 3:09:14p A.... 1,017,856 994.00 K
wmsdmod.dll Fri Jan 28 2005 1:44:28p A.... 774,904 756.74 K
wmspdmod.dll Fri Jan 28 2005 1:44:28p A.... 413,944 404.24 K
msi.dll Mon Mar 21 2005 3:00:20p A.... 2,890,240 2.75 M
wmasf.dll Fri Jan 28 2005 1:44:28p A.... 224,768 219.50 K
wmnetmgr.dll Fri Jan 28 2005 1:44:28p A.... 1,027,072 1003.00 K
wmvcore.dll Fri Jan 28 2005 1:44:28p A.... 2,370,296 2.26 M
msisip.dll Mon Mar 21 2005 3:00:22p A.... 15,360 15.00 K
wmadmoe.dll Fri Jan 28 2005 1:44:28p A.... 716,288 699.50 K
wmsdmoe2.dll Fri Jan 28 2005 1:44:28p A.... 1,119,744 1.07 M
wmdrmnet.dll Fri Jan 28 2005 1:44:28p A.... 290,816 284.00 K
msihnd.dll Mon Mar 21 2005 3:00:22p A.... 271,360 265.00 K
msimsg.dll Mon Mar 21 2005 3:00:22p A.... 884,736 864.00 K
user32.dll Wed Mar 2 2005 2:20:04p A.... 561,152 548.00 K
authz.dll Wed Mar 2 2005 2:20:04p A.... 53,760 52.50 K
shell32.dll Fri Mar 11 2005 9:51:16p A.... 8,348,672 7.96 M
wmdrmdev.dll Fri Jan 28 2005 1:44:28p A.... 335,872 328.00 K
mspmsnsv.dll Fri Jan 28 2005 1:44:28p A.... 25,088 24.50 K
audiodev.dll Fri Jan 28 2005 1:44:28p A.... 484,352 473.00 K
atl71.dll Wed Mar 9 2005 8:35:50p A.... 89,088 87.00 K
xpsp2res.dll Fri Mar 11 2005 6:07:14p A.... 594,432 580.50 K
mshtml.dll Thu Feb 24 2005 1:23:26p A.... 2,811,904 2.68 M
arpoa.dll Sat Apr 9 2005 10:11:06p A.... 4,096 4.00 K
msrating.dll Thu Feb 24 2005 11:54:42a A.... 132,096 129.00 K
shdocvw.dll Fri Feb 18 2005 3:09:00p A.... 1,337,344 1.27 M
sporder.dll Wed Mar 9 2005 9:15:38p A.... 8,464 8.27 K
wininet.dll Fri Feb 18 2005 4:19:18p A.... 592,384 578.50 K
mcp82.dll Sat Mar 26 2005 8:34:26p A.... 558 0.54 K
dosync.dll Mon Apr 4 2005 1:37:30a A.... 114,688 112.00 K
docore.dll Wed Mar 30 2005 12:24:20a A.... 151,552 148.00 K
dolsp.dll Sat Apr 2 2005 6:58:52p A.... 139,264 136.00 K

75 items found: 75 files, 0 directories.
Total of file sizes: 49,478,094 bytes 47.18 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 3F20-9D01

Directory of C:\WINDOWS\System32

03/10/2005 08:23 PM 8,192 Thumbs.db
02/05/2005 03:33 PM 10,022 KGyGaAvL.sys
07/25/2003 06:28 PM 32 {E453930B-F420-4191-9942-331724009277}.dat
07/25/2003 06:28 PM 32 {100B31FF-9A79-44C5-803B-F5A93AD48EED}.dat
07/25/2003 06:27 PM 32 {68E48F58-628B-4CE0-BE2A-2FFA5616EF6E}.dat
07/25/2003 06:25 PM 32 {9D2C2278-95E3-4FE8-9713-12C5D2654142}.dat
07/25/2003 06:25 PM 32 {196969F0-14FF-4E57-83AF-6C3F47CEB1B4}.dat
07/25/2003 06:25 PM 32 {CEEF2293-7C19-446F-8636-50F284A67903}.dat
07/25/2003 06:23 PM 32 {1B581A70-85B2-4A74-AF1C-C434379164BF}.dat
07/25/2003 05:20 PM <DIR> Microsoft
07/25/2003 04:40 PM <DIR> dllcache
05/05/1999 06:14 PM 200,704 THREED32.OCX
03/26/1999 12:00 AM 101,888 VB6STKIT.DLL
11 File(s) 321,030 bytes
2 Dir(s) 59,706,114,048 bytes free