Winfixer keeps popping up [RESOLVED]


  • This topic is locked

#16
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
We will try another approach to the infection before we both throw our computers against the wall. :tazz:

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite; it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido; there should be an icon on your desktop, double-click it.
    • The program will prompt you to update; click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

Trevuren


#17
snapshot


    Member

  • Topic Starter
  • 19 posts
I finally got it to work on WordPad. Here is my log.

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\irjol5131.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AC6F1A49-B364-74D9-090F-CD2CA1FDEAB3}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00


**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

161 items found: 161 files (141 H/S), 0 directories.
Total of file sizes: 36,800,716 bytes 35.09 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun Aug 7 2005 3:29:10p ..S.R 236,538 230.99 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236,538 bytes 230.99 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is A895-F556

Directory of C:\WINDOWS\System32

08/07/2005 03:29 PM 236,538 guard.tmp
08/07/2005 03:24 PM 236,597 lvn0095me.dll
08/07/2005 01:23 PM 235,255 itq.dll
08/06/2005 10:27 PM 236,538 irjol5131.dll
08/06/2005 09:57 PM 235,255 WMAVIDEO.DLL
08/06/2005 09:30 PM 235,255 MWRECR40.DLL
08/06/2005 07:58 PM 233,354 g804lidq180e.dll
08/06/2005 06:55 PM <DIR> DLLCACHE
08/05/2005 04:01 AM 232,883 wrps.dll
08/01/2005 07:49 PM 236,066 e420lefm1h2a.dll
07/31/2005 08:41 AM 234,919 enp6l17s1.dll
07/30/2005 07:25 PM 234,604 i2lo0c33ef.dll
07/24/2005 03:59 PM 233,667 lvj4091qe.dll
07/24/2005 08:12 AM 234,160 m2ju0c19ef.dll
07/23/2005 07:49 PM 234,650 g204lcdq1f0e.dll
07/23/2005 06:40 PM 233,248 dnls0137e.dll
07/23/2005 10:21 AM 234,701 gpn4l35q1.dll
07/23/2005 12:33 AM 234,358 e0jmla111d.dll
07/23/2005 12:32 AM 233,248 ddtrans.dll
07/23/2005 12:32 AM 234,576 h82olif3182.dll
07/23/2005 12:30 AM 234,495 n8n60i5se8.dll
07/22/2005 04:45 PM 233,757 lv0q09d5e.dll
07/22/2005 02:50 PM 235,196 p84ulih9184.dll
07/22/2005 07:46 AM 235,216 r86ulij918o.dll
07/22/2005 07:45 AM 233,248 rPssapi.dll
07/22/2005 07:45 AM 234,326 j8p0li7m18.dll
07/22/2005 07:29 AM 233,447 lvrm0991e.dll
07/22/2005 01:52 AM 235,234 t68ulgl916q.dll
07/22/2005 12:40 AM 234,099 dnn8015ue.dll
07/22/2005 12:37 AM 233,559 l08m0al1edq.dll
07/22/2005 12:37 AM 234,143 azaq0975e.dll
07/21/2005 10:35 PM 233,248 OPEPRO32.DLL
07/21/2005 10:35 PM 234,875 kt26l7fs1.dll
07/21/2005 08:01 PM 234,515 kt62l7jo1.dll
07/21/2005 07:59 PM 233,248 CTBJMON.DLL
07/21/2005 07:59 PM 235,030 r28slcl71fq.dll
07/21/2005 07:57 PM 233,248 SOSINV.DLL
07/21/2005 07:57 PM 233,547 lvr2099oe.dll
07/14/2005 05:40 PM 234,272 jtjs0717e.dll
07/14/2005 05:38 PM 234,272 NGLSAPI.DLL
07/14/2005 12:50 PM 234,272 NWDEAPI.DLL
07/14/2005 12:50 PM 234,272 mpxclu.dll
07/13/2005 08:40 AM 233,557 k862lijo18oc.dll
07/13/2005 08:27 AM 236,187 kt4ol7h31.dll
07/13/2005 03:34 AM 233,557 gp46l3hs1.dll
07/13/2005 03:31 AM 234,784 mputb.dll
07/11/2005 02:27 PM 234,784 dimclien.dll
07/11/2005 02:27 PM 234,784 DOLAY.DLL
07/11/2005 01:18 PM 233,760 o2ns0c57ef.dll
07/11/2005 11:02 AM 233,760 wlerrenu.dll
07/09/2005 12:34 PM 233,752 k4080edueh080.dll
07/08/2005 02:26 PM 233,752 fpjs0317e.dll
07/05/2005 02:45 PM 233,752 jt0407dqe.dll
07/05/2005 12:29 AM 234,917 r0p80a7ued.dll
07/02/2005 08:13 AM 236,328 aza0l59m1.dll
07/01/2005 08:30 AM 235,934 ktj0l71m1.dll
07/01/2005 01:49 AM 235,543 k6260gfse6260.dll
06/24/2005 11:22 PM 234,272 fp4203hoe.dll
06/24/2005 07:37 PM 234,272 MIC42U.DLL
06/24/2005 06:20 PM 234,272 mqhtmled.dll
06/24/2005 06:19 PM 234,272 miexch35.dll
06/24/2005 06:14 PM 233,354 sri_ci.dll
06/24/2005 06:14 PM 233,868 i4jq0e15eh.dll
06/20/2005 06:12 PM 233,354 ktl2l73o1.dll
06/19/2005 10:26 PM 236,341 aza20g1oe6.dll
06/19/2005 05:30 PM 233,570 o866lijs18o6.dll
06/19/2005 04:58 PM 234,775 MLACM.DLL
06/17/2005 06:17 PM 233,870 azaul3591.dll
06/17/2005 12:56 PM 236,489 d8j00i1me8.dll
06/16/2005 04:56 PM 236,471 CAOSYS.DLL
06/16/2005 04:56 PM 233,742 hpj0231mg.dll
06/16/2005 06:23 AM 234,402 ngwdev.dll
06/16/2005 06:23 AM 235,547 ir4ml5h11.dll
06/15/2005 06:13 PM 234,402 lv8o09l3e.dll
06/15/2005 09:04 AM 235,412 MTVBVM60.DLL
06/15/2005 08:17 AM 235,412 MDC42.DLL
06/15/2005 08:04 AM 234,409 j40s0ed7eh0.dll
06/15/2005 07:10 AM 234,409 mh60l9jm1.dll
06/15/2005 03:04 AM 234,624 ITSHLPR.DLL
06/14/2005 05:55 PM 234,409 wrnotify.dll
06/14/2005 03:55 PM 234,409 FNWPP.DLL
06/14/2005 03:55 PM 235,725 g6jolg1316.dll
06/11/2005 11:43 AM 235,518 fp2003fme.dll
06/11/2005 11:39 AM 234,896 jt8407lqe.dll
06/08/2005 12:07 PM 234,613 e4020edoeh0c0.dll
06/06/2005 05:30 PM 235,086 t48u0el9ehq.dll
06/06/2005 05:30 PM 234,860 dnn4015qe.dll
06/05/2005 10:29 AM 234,409 mkxbde40.dll
06/05/2005 10:24 AM 234,786 e8202ifmg82a2.dll
06/05/2005 10:24 AM 234,409 VyDate.dll
06/05/2005 10:24 AM 235,937 j82qlif5182.dll
05/30/2005 08:31 PM 235,132 fp2s03f7e.dll
05/30/2005 07:58 PM 233,705 m682lglo16qc.dll
05/30/2005 07:49 PM 233,705 ombccu32.dll
05/30/2005 07:32 PM 234,575 gp4ql3h51.dll
05/30/2005 07:32 PM 234,162 jtn4075qe.dll
05/26/2005 06:47 PM 235,601 t6r8lg9u16.dll
05/26/2005 06:32 PM 233,059 dn8s01l7e.dll
05/25/2005 08:14 AM 430,080 ??oolsv.exe
05/23/2005 10:41 PM 233,059 fe8u03l9e.dll
05/23/2005 02:05 PM 234,156 ktr0l79m1.dll
05/22/2005 04:27 PM 236,620 q6nulg5916.dll
05/17/2005 09:54 PM 233,677 aza8l55u1.dll
05/17/2005 09:48 PM 233,677 sueio.dll
05/17/2005 09:44 PM 233,677 jQp00e7meh.dll
05/17/2005 09:44 PM 234,248 dnpq0175e.dll
05/12/2005 09:12 PM 235,463 dnlq0135e.dll
05/11/2005 06:50 PM 235,463 irlul5391.dll
05/11/2005 06:36 PM 235,463 o6lulg3916.dll
05/11/2005 06:34 PM 235,685 g2220cfoef2c0.dll
05/11/2005 05:43 PM 235,169 WIWIZDLL.DLL
05/11/2005 05:39 PM 235,566 irr4l59q1.dll
05/11/2005 05:37 PM 235,566 CARTMGR.DLL
05/11/2005 01:17 PM 235,566 KVDAZEL.DLL
05/11/2005 08:57 AM 235,243 aza60i3se8.dll
05/10/2005 06:04 PM 236,689 gp2ml3f11.dll
05/10/2005 06:02 PM 235,566 n4r2le9o1h.dll
05/10/2005 05:58 PM 0 hrn6055se.dll
05/10/2005 05:58 PM 234,272 WHNRNR.DLL
05/10/2005 05:56 PM 235,768 q6860glse6q60.dll
05/10/2005 05:48 PM 233,330 mcxclu.dll
05/10/2005 05:48 PM 235,082 o2nslc571f.dll
05/10/2005 05:48 PM 234,272 MUDOCS.DLL
05/10/2005 05:28 PM 234,272 VUS_PS.DLL
05/10/2005 04:29 PM 234,272 SKREAMCI.DLL
05/10/2005 04:28 PM 234,272 secfiles.dll
05/10/2005 04:28 PM 234,272 SMELL.DLL
05/10/2005 04:27 PM 233,330 j2j60c1sef.dll
05/10/2005 04:25 PM 234,310 dn2401fqe.dll
05/10/2005 04:24 PM 233,330 JESD400.DLL
05/10/2005 04:24 PM 233,855 hr2q05f5e.dll
05/10/2005 04:24 PM 234,272 KSDDA.DLL
05/10/2005 04:22 PM 0 irn8l55u1.dll
05/10/2005 04:21 PM 233,937 jt0607dse.dll
05/10/2005 02:54 PM 235,297 kt6ul7j91.dll
05/10/2005 10:23 AM 234,362 f2l0lc3m1f.dll
05/10/2005 07:46 AM 234,253 fp2u03f9e.dll
05/10/2005 07:34 AM 234,741 enj4l11q1.dll
05/10/2005 02:12 AM 233,769 lvl4093qe.dll
05/09/2005 07:55 PM 234,612 azau0gj9e6o.dll
05/09/2005 07:02 PM 233,330 h6l20g3oe6.dll
05/09/2005 05:29 PM 233,367 m4po0e73eh.dll
05/09/2005 05:29 PM 234,245 ennml1511.dll
05/09/2005 05:27 PM 233,448 k4no0e53eh.dll
05/03/2005 07:26 AM 233,094 CCOSYS.DLL
05/03/2005 07:26 AM 234,266 k2pmlc711f.dll
05/02/2005 11:21 PM 233,094 ledis13n.dll
05/02/2005 11:20 PM 233,250 ktnml7511.dll
04/28/2005 06:30 PM 233,435 dn4o01h3e.dll
04/28/2005 06:51 AM 234,048 q4nu0e59eh.dll
04/15/2005 08:50 PM 236,101 p08q0al5edq.dll
04/15/2005 08:43 PM 236,022 dn0q01d5e.dll
04/14/2005 11:09 PM 235,330 ddgest.dll
04/14/2005 06:25 AM 236,131 m064lajq1doe.dll
04/12/2005 11:51 PM 234,671 n88o0il3e8q.dll
04/09/2005 05:40 PM 234,862 jtro0793e.dll
04/09/2005 05:10 PM 235,740 mv60l9jm1.dll
04/08/2005 09:18 PM 234,806 KEDGKL.DLL
04/08/2005 05:32 PM 233,151 l8l60i3se8.dll
04/08/2005 02:55 PM 233,383 h2l20c3oef.dll
04/08/2005 02:48 PM 235,694 ennsl1571.dll
04/08/2005 12:41 PM 232,636 fudrclnr.dll
04/08/2005 11:03 AM 235,801 jt0m07d1e.dll
04/08/2005 10:50 AM 233,114 r08slal71dq.dll
04/08/2005 10:42 AM 235,910 f6j20g1oe6.dll
04/08/2005 07:21 AM 233,201 fp0403dqe.dll
04/07/2005 08:12 PM 233,201 DGLAY.DLL
04/07/2005 07:42 PM 233,078 SHSINV.DLL
03/31/2005 08:56 PM 234,102 fp8u03l9e.dll
03/31/2005 07:16 PM 234,576 n4p40e7qeh.dll
03/31/2005 05:07 PM 233,214 e0jm0a11ed.dll
03/31/2005 04:04 PM 233,214 DNUTIL.DLL
03/30/2005 07:46 AM 234,180 r66u0gj9e6o.dll
03/30/2005 07:08 AM 232,824 mtxbde40.dll
03/29/2005 11:25 AM 234,640 SILWAPI.DLL
03/29/2005 11:05 AM 236,030 o0rola931d.dll
03/29/2005 09:59 AM 235,857 ktj2l71o1.dll
03/29/2005 08:03 AM 235,844 e402ledo1h0c.dll
03/29/2005 07:49 AM 232,924 k8js0i17e8.dll
03/28/2005 12:04 PM 235,301 jtn8075ue.dll
03/28/2005 10:58 AM 236,233 o2lu0c39ef.dll
03/28/2005 10:31 AM 233,231 jrj0251mg.dll
03/28/2005 09:56 AM 232,936 i424lefq1h2e.dll
03/28/2005 09:38 AM 236,159 p8n80i5ue8.dll
03/28/2005 09:21 AM 235,301 gpnul3591.dll
03/27/2005 08:18 PM 234,799 i0240afqed2e0.dll
03/27/2005 06:50 PM 233,803 lvls0937e.dll
03/27/2005 04:51 PM 234,315 enn2l15o1.dll
03/27/2005 02:06 PM 235,516 o4ns0e57eh.dll
03/27/2005 01:28 PM 233,352 CFMSNAP.DLL
03/27/2005 11:41 AM 233,352 dnlo0133e.dll
03/27/2005 11:04 AM 235,339 kt8ul7l91.dll
03/27/2005 09:29 AM 236,100 wydmtpus.dll
03/27/2005 09:29 AM 236,150 h0n00a5med.dll
03/27/2005 09:25 AM 233,061 kddibm02.dll
03/26/2005 10:06 PM 475 otzgy.dll
03/26/2005 05:46 PM 236,100 WX2_32.DLL
03/26/2005 05:35 PM 233,093 m8lsli3718.dll
03/26/2005 05:29 PM 232,622 MRLS31.DLL
03/25/2005 11:17 AM 232,498 lv4q09h5e.dll
03/25/2005 09:45 AM 233,157 kt68l7ju1.dll
03/25/2005 12:07 AM 235,227 gpr4l39q1.dll
03/24/2005 09:28 PM 233,084 p4p6le7s1h.dll
03/24/2005 08:51 PM 235,280 cfbcatq.dll
03/22/2005 04:32 PM 232,756 i460lejm1hoa.dll
03/20/2005 10:05 PM 232,813 e4jmle111h.dll
03/20/2005 10:05 PM 235,524 i4420ehoeh4c0.dll
03/20/2005 08:31 PM 235,280 madtcprx.dll
03/20/2005 08:31 PM 235,950 p0p60a7sed.dll
03/20/2005 08:25 PM 233,082 ktjsl7171.dll
03/20/2005 03:47 PM 233,070 r2r6lc9s1f.dll
03/20/2005 03:09 PM 235,280 ICETCOMM.DLL
03/20/2005 03:09 PM 232,771 irr0l59m1.dll
03/20/2005 02:55 PM 233,730 q0680ajuedo80.dll
03/20/2005 01:13 PM 234,073 fp4o03h3e.dll
03/20/2005 11:41 AM 234,200 n0p40a7qed.dll
03/20/2005 11:05 AM 235,494 p46slej71ho.dll
03/20/2005 09:13 AM 233,763 fpl0033me.dll
03/19/2005 05:22 PM 235,419 ZCORT4AS.dll
03/19/2005 05:21 PM 233,730 j8p00i7me8.dll
03/19/2005 10:07 AM 233,730 wwcltui.dll
03/19/2005 04:06 AM 235,514 r48slel71hq.dll
03/19/2005 04:03 AM 234,387 nrtman.dll
03/19/2005 04:02 AM 233,730 ir4ol5h31.dll
03/19/2005 03:50 AM 233,730 nqprint.dll
03/18/2005 08:39 PM 232,831 JISD400.DLL
03/18/2005 07:45 AM 233,730 mrrd2x40.dll
03/17/2005 07:12 PM 232,831 cqyptsvc(3).dll
03/17/2005 10:50 AM 236,082 BKOTVID.DLL
03/17/2005 10:50 AM 232,928 mv04l9dq1.dll
03/17/2005 09:55 AM 235,081 PHRFNET.DLL
03/17/2005 09:29 AM 235,002 WONRNR.DLL
03/17/2005 08:42 AM 235,002 UJRDPA.DLL
03/17/2005 07:28 AM 235,391 RMSMONTR.DLL
03/16/2005 09:17 PM 235,002 KXDBR.DLL
03/16/2005 08:28 PM 235,002 czyptsvc(3).dll
03/16/2005 08:28 PM 235,407 hr0405dqe.dll
03/16/2005 08:22 PM 234,674 j4p00e7meh.dll
03/16/2005 07:08 PM 234,674 dbnhpast.dll
03/16/2005 07:00 PM 233,827 lvpq0975e.dll
03/16/2005 06:57 PM 233,249 dn0001dme.dll
03/16/2005 06:54 PM 234,293 ir40l5hm1.dll
03/20/2004 11:47 PM 1,020 Atv0g.65p
02/17/2004 09:31 PM 1,104 Yfk8.ct6
01/29/2004 06:51 PM 56 AC6442D9F6.sys
11/29/2003 07:21 PM 1,020 Hner.6dc
08/14/2002 12:00 PM <DIR> Microsoft
245 File(s) 56,000,120 bytes
2 Dir(s) 1,557,471,232 bytes free

#18
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
EXCELLENT!!!

Close any programs you have open since this step requires a reboot.
  • From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing "2" and then pressing ENTER.
  • Then press any key to reboot your computer.
  • After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer.
  • When it's finished, Notepad will open with a log.
  • Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Regards,

Trevuren


#19
snapshot

    Member

  • Topic Starter
  • 19 posts
Here is my hijack this log, but l2mfix was going well until the second scan pass, then it said the same thing about win32 could not read it. Here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:38:07 PM, on 8/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [0FFS3pT] morautou.exe
O4 - HKLM\..\Run: [DNP] a
O4 - HKLM\..\RunServices: [msnmsgrflc] sdvhot1.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123374364328
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0027.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O20 - AppInit_DLLs: PAVWAIT.DLL Tۺ
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#20
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
It can say what it wants, but it took out the infection according to your log. Look at the O20 entries in your first log and your last log. See that 1 is missing? That is the l2m one that is gone.

Time for bed. I will continue with your case first thing tomorrow.

You did an excellent job.

Regards,

Trevuren


#21
snapshot

    Member

  • Topic Starter
  • 19 posts
Thank you my friend. You did an awesome job. I don't have any popups at this time and will be sending a donation this week. Sleep well and look forward to working with you again.

#22
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi snapshot,

Inasmuch as quite some time has elapsed since we last communicated, I would like to give your log another review to see if there are any more infections lurking.

If you are still interested in availing yourself of our service, please post a fresh HJT log.

Regards,

Trevuren


#23
snapshot

    Member

  • Topic Starter
  • 19 posts
Hey Trevuren. Here is my log. Hope you're doing well. Can I ask if this log can tell why my CD burner isn't working? I can't burn any pictures to CDs for my photography.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:32 AM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [0FFS3pT] morautou.exe
O4 - HKLM\..\RunServices: [msnmsgrflc] sdvhot1.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123374364328
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0027.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O20 - AppInit_DLLs: PAVWAIT.DLL Tۺ
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
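
The before/after comparison Trevuren describes in post #20, applied to the two HijackThis logs posted in this thread (8/7/2005 and 8/20/2005), as an added Python example that is not part of the original thread. The function names are hypothetical, and the sample lines are a short excerpt of those two logs (the stray bytes after PAVWAIT.DLL are dropped).

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    sections = defaultdict(set)
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace so pasted logs compare cleanly.
            sections[match.group(1)].add(" ".join(match.group(2).split()))
    return sections


def section_order(code):
    """Sort codes in the order HijackThis prints them: R, F, N, then O."""
    return ("RFNO".index(code[0]), int(code[1:]))


def diff_hjt(before, after):
    """Report entries that disappeared or appeared between two logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    report = {}
    for code in sorted(set(old) | set(new), key=section_order):
        removed = sorted(old.get(code, set()) - new.get(code, set()))
        added = sorted(new.get(code, set()) - old.get(code, set()))
        if removed or added:
            report[code] = {"removed": removed, "added": added}
    return report


def persisting(before, after, code):
    """Entries of one section present in both logs (i.e. not yet fixed)."""
    old, new = parse_hjt(before), parse_hjt(after)
    return sorted(old.get(code, set()) & new.get(code, set()))


# Excerpt of the log saved 8/7/2005 (post #19).
LOG_0807 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:38:07 PM, on 8/7/2005

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [0FFS3pT] morautou.exe
O4 - HKLM\..\Run: [DNP] a
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - AppInit_DLLs: PAVWAIT.DLL
"""

# Excerpt of the log saved 8/20/2005 (post #23).
LOG_0820 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:03:32 AM, on 8/20/2005

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [0FFS3pT] morautou.exe
O20 - AppInit_DLLs: PAVWAIT.DLL
"""

if __name__ == "__main__":
    for code, change in diff_hjt(LOG_0807, LOG_0820).items():
        for body in change["removed"]:
            print(f"- {code} - {body}")
        for body in change["added"]:
            print(f"+ {code} - {body}")
    for body in persisting(LOG_0807, LOG_0820, "F2"):
        print(f"= F2 - {body}")
```

Entries that persist across both logs, such as the F2 Shell line, are the ones still waiting for a fix; entries that vanish confirm what the last tool run removed.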

#24
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I am glad I checked in. There is some nasty stuff here.

1. Make sure your version of Ewido is 3.5 and updated.

2. Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

3. Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml



4. Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Then please run Ewido, and run a full scan. Save the logfile from the scan.

5. Next please run HijackThis, click Scan, and check:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [0FFS3pT] morautou.exe
O4 - HKLM\..\RunServices: [msnmsgrflc] sdvhot1.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0027.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


Close all open windows except for HijackThis and click Fix Checked.

6. Now using Windows Explorer (Windows key + E), please DELETE the following files/folders (and their content), if they are still present:

C:\WINDOWS\Nail.exe
morautou.exe <=== You will have to Search for this one
sdvhot1.exe <== This one too
C:\WINDOWS\svcproc.exe

7. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Regards,

Trevuren

  • 0
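One way to check the follow-up log requested in step 7 against the entries selected for fixing, as an added example that is not part of the original post. The function names and the matching rule (CLSID where present, otherwise normalised text) are assumptions of this example, not HijackThis behaviour; the sample lines are copied from this post and from the log in the next reply.

```python
import re

# Entries the helper asked to check (copied from the post above).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [0FFS3pT] morautou.exe
O4 - HKLM\..\RunServices: [msnmsgrflc] sdvhot1.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.ocx
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0027.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Excerpt of the follow-up log posted in the next reply (not the full log).
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Status suffixes can change between scans, so they are not part of the identity.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def entry_key(line):
    """Return a (section, identity) key for a log entry, or None for other lines."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None  # header, running-process path, or blank line
    section, body = match.groups()
    clsid = CLSID_RE.search(body)
    if clsid:
        # Assumption: a CLSID identifies the entry even if its label or URL differs.
        return section, clsid.group(0).upper()
    body = STATUS_RE.sub("", body)
    return section, " ".join(body.lower().split())


def parse_log(text):
    """Map entry keys to the first log line that produced them."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def still_present(fix_list, followup_log):
    """Lines of the follow-up log that match an entry selected for fixing."""
    after = parse_log(followup_log)
    return [after[key] for key in parse_log(fix_list) if key in after]


if __name__ == "__main__":
    for line in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
```

Any line it reports is an entry that was checked for fixing but appears again in the later scan, which is what the helper looks for when reading the new log.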

#25
snapshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok, here are my logs
Logfile of HijackThis v1.99.1
Scan saved at 5:18:08 PM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123374364328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O20 - AppInit_DLLs: PAVWAIT.DLL Tۺ
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:55:15 PM, 8/20/2005
+ Report-Checksum: 5D95B5E

+ Scan result:

HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Error during cleaning
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Error during cleaning
HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Spyware.NaviSearch : Error during cleaning
HKLM\SOFTWARE\Classes\CB.UrlCatcher\CLSID -> Spyware.NaviSearch : Error during cleaning
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Error during cleaning
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Error during cleaning
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Error during cleaning
HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Spyware.NaviSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Error during cleaning
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysrcbox -> Spyware.ISTBar : Error during cleaning
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@buycom.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@cc.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@clickagents[1].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfk4gjcpibp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfk4kidzkdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkiclcjwcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkiehdjebp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkiggdpabq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkighcpwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkiqnczgaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkogkcpebo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkoojajsfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkycgazifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfkyomcpcep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfl4kgajsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfl4klazmgq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfl4qnc5gdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wflokhczodp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wfloolcjafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wflosiajicq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wflychc5cho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wgkiwmazkdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4ckc5klq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4emdjecq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4gkcpokp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4gld5ofp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4ooc5kfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4qlcpwgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4soajodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjk4ukazebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkoajdjkcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkoaldzwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkokjdjago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkokkc5iap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkokldjilo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkoogazggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkooldjccp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkoqhdpgkq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkowjajcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkyggcpkko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkygoazmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkykkd5eko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjkywpajklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjl4kgcjkaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliagdjobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliahczcao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliajdpkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjlicodzgfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjligld5map.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjligocpiko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliokc5oeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliqnazmco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliqpajohq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliuhcjkgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjliwpd5who.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjloopajglo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjlosicpeep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjlyepdpmlq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjlyqgdzohp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjlyunajgco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmiagd5ggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmiand5afo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmicoczebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmiemczkdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmisncpglp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmiwgdjgeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmykjd5acq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmysnc5clq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjmywmcjghq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjny-1gc5sf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjny-1idpaf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjny-1jcpgb.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyajajolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyakdzoep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyapajgbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnycgazwgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnygidjskq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyogdzeko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyojdzgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyokdzklo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyomcpcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyomdzmeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyopdzmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnysgazclo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnysjczkgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnysnc5wap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyumdpago.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyuoczekq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnyupd5gbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnywjc5aep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@e-2dj6wjnywpd5wfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-bestbuy.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-cafepress.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-citrixonline.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-fxcm.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-idg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-professionalequipment.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-shoes.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-tigerdirect2.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@ehg-zazzle.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@rccl.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@sel.as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\TEMP\Cookies\kevin oconnell@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
  • 0


#26
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Copy and paste this code box text into a text editor such as Notepad.

2. Save this text as ResetAppInit.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4.

3. Double-click on ResetAppInit.reg. When it asks you to merge the information to the registry click Yes.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

4. REBOOT your system.

5. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#27
snapshot

    Member

  • Topic Starter
  • 19 posts
I hope I did this right. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:28:35 PM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123374364328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
  • 0

#28
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please run the following program:
  • Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
    http://www.mvps.org/.../DelDomains.inf
  • Save the file to the desktop.
  • Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.

2. REBOOT your system

3.
  • Please RUN HijackThis.
  • Click the SCAN button to produce a log.

  • Place a check mark beside the following item:

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab

  • Now with all the items selected, and all windows closed except for HJT, delete it by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System


  • Finally, RUN HijackThis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.

Regards,

Trevuren

  • 0
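An added example, not part of the original thread: a small Python triage script for the two checks the helper makes by eye in posts #26 and #28. It buckets the HijackThis entries those steps act on (O20 is the HijackThis section that reports a non-empty AppInit_DLLs value, O15 the Trusted Zone entries) and diffs a before and after log to confirm that a fixed item is gone. The function names are hypothetical, the "before" lines are excerpted from the log in post #27, and the "after" log and the O20 line are constructed samples.

```python
import re

# A HijackThis entry is "<code> - <body>", e.g. "O16 - DPF: ..." or "R0 - HKCU\...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(log_text):
    """Return [(code, body), ...] for every entry line, in log order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_items(log_text):
    """Bucket the entry types this thread acts on."""
    buckets = {"appinit_dlls": [], "trusted_zone": [], "file_missing": []}
    for code, body in parse_hjt(log_text):
        if code == "O20" and body.startswith("AppInit_DLLs"):
            # Should be absent once AppInit_DLLs has been reset to "".
            buckets["appinit_dlls"].append(body)
        elif code == "O15":
            buckets["trusted_zone"].append(body)
        if "(file missing)" in body:
            # Orphaned entries left behind by removed software.
            buckets["file_missing"].append(f"{code} - {body}")
    return buckets


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def entry_present(log_text, needle):
    """True if any entry body contains needle (case-insensitive)."""
    needle = needle.lower()
    return any(needle in body.lower() for _, body in parse_hjt(log_text))


# Excerpt of the log posted in #27 (elided URLs kept exactly as shown there).
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:28:35 PM, on 8/20/2005

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
"""

# Constructed "after" log: the same excerpt with the Trusted Zone entries
# and the checked O16 item gone, i.e. what a successful cleanup would show.
SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
"""

# Constructed O20 line with a placeholder DLL name, to show what a
# non-empty AppInit_DLLs value would look like in a log.
SAMPLE_O20 = r"O20 - AppInit_DLLs: C:\WINDOWS\system32\example.dll"

FIXED_CLSID = "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}"

if __name__ == "__main__":
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    for code, body in removed:
        print(f"removed: {code} - {body}")
    for code, body in added:
        print(f"added:   {code} - {body}")
    print("still to review:", review_items(SAMPLE_AFTER))
    print("fixed item still present:", entry_present(SAMPLE_AFTER, FIXED_CLSID))
```

Any entry reported as added between two logs taken minutes apart deserves a look before the thread is closed, since nothing new should have been installed during the cleanup.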

#29
snapshot

    Member

  • Topic Starter
  • 19 posts
I haven't had any problems with my computer since you helped me. It has been running great and no popups at all. The only thing is that every time I try to copy a picture to a CD it says "CD not installed", so I can't burn any pictures to my CDs.

Logfile of HijackThis v1.99.1
Scan saved at 7:05:23 PM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\ViRobotXP\vrautoup.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123374364328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.../dwnldr_ext.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
  • 0
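The before/after comparison this part of the thread relies on, as an added Python example that is not part of the original posts: it parses HijackThis entry lines, confirms that the O16 item fixed in post #28 is absent from the later log, and lists O23 services reported as "(file missing)". The function names and the two sample excerpts are constructed for illustration.

```python
import re

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed excerpts: lines copied from posts in this thread, URLs left truncated as posted.
BEFORE = r"""
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5....m/c381/chat.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.bro...tings/vroom.CAB
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
FIXED = "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}"  # the O16 item named in post #28

def parse_log(text):
    """Return (section, body) for each entry line; header and process-list lines are skipped."""
    return [(m["section"], m["body"].strip())
            for m in map(ENTRY.match, text.splitlines()) if m]

def dpf_entries(text):
    """Map each O16 entry to its source, keyed by CLSID, or by label when no CLSID is shown."""
    out = {}
    for section, body in parse_log(text):
        if section == "O16" and body.startswith("DPF: "):
            ident, _, source = body[len("DPF: "):].rpartition(" - ")
            clsid = CLSID.search(ident)
            out[clsid.group(0).upper() if clsid else ident] = source
    return out

def missing_services(text):
    """Names of O23 services whose binary HijackThis reported as '(file missing)'."""
    return [body[len("Service: "):].rsplit(" - ", 2)[0]
            for section, body in parse_log(text)
            if section == "O23" and body.startswith("Service: ")
            and body.endswith("(file missing)")]

def verify_fix(before, after, fixed_ids):
    """Per fixed CLSID: (was in the earlier log, is absent from the later log)."""
    b, a = dpf_entries(before), dpf_entries(after)
    return {i: (i.upper() in b, i.upper() not in a) for i in fixed_ids}

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, [FIXED]))
    print(missing_services(AFTER))
```
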

#30
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log is malware free. Your CD problem should be posted as a new topic in our hardware forum. They are pretty good.

Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0





