Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winfixer 2005 still here


  • Please log in to reply

#1
Treach2001

Treach2001

    Member

  • Member
  • PipPip
  • 18 posts
I completed the entire process of going in and deleting items in safe mode, removing files and folders, and running all the scans and cleanups with ewido etc. The pop ups are still there from Winfixer 2005 and surfkick. What next, help.


Logfile of HijackThis v1.99.1
Scan saved at 8:00:42 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\ScanToPc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeffery K. Davis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Scan to PC.lnk = C:\WINDOWS\ScanToPc.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=zuzeb004YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\brpanui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!!

Please download the l2mfix from one of the locations below;

http://www.atribune....oads/l2mfix.exe

http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe

Click the Install - button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into your next reply.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to!

Note; if you recieve any error messages for CMD or Autoexec.bat>> select option 5 from the l2mfix and once at the site, click on the link that apply to your operating system!

Double-click the file it downloads and extract the files to its predetermined System32 folder!


Also post a fresh HijackThis log (Don't attach) along with L2Mfix log.

- Rawe :tazz:
  • 0

#3
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I get this when I double click the batch file? I am not the most computer literate person, please be patient.


A subdirectory or file backregs already exists.
You must have an internet connection Active to download
strings from systernals. If one is active than
Press any key to continue . . .
File Downloader - Version 1.01 (build 7.4)
Downloads a file from a HTTP or a FTP server.
Copyright © 2004, Noel Danjou <[email protected]>.

Server: www.sysinternals.com
Port: 80
Protocol: HTTP
.


Strings.zip:
Cannot create destination file: The process cannot access the file because it is
being used by another process.

Done.
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in strings.zip,
and cannot find strings.zip.zip, period.
By using this tool you do so at your own risk. Please visit a forum on one of t
hese sites for help:
http://www.subratam.org
http://www.spywareinfo.com
http://www.tomcoyote.com
http://www.castlecops.biz
http://www.atribune.org
http://www.net-integration.net
Press any key to continue . . .

Edited by Treach2001, 17 August 2005 - 07:30 AM.

  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.
  • 0

#5
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Got it. You actually double click, then press enter and it give you your option box.

L2MFIX find log 1.03b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run-]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\brpanui.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{61A7F433-F4A2-036B-5812-ADA5E8ED143C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{7D5C4BDD-B015-4401-8731-1507B87DE297}"="QBVersionTool"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}\InprocServer32]
@="C:\\WINDOWS\\system32\\symapi.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
  • 0

#6
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Is that the complete logfile?

It seems to me that it's missing some of it.
  • 0

#7
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
When I type in 1 enter, I get a 16 bit MS-DOS Subsytem (box) with this in it.

C:\WINDOWS\system32\cmd.exe
C:\WINDOWS/SYSTEM32\AUTOEXEC.NT The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.

Then this is the log it produces:

L2MFIX find log 1.03b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\brpanui.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{61A7F433-F4A2-036B-5812-ADA5E8ED143C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{7D5C4BDD-B015-4401-8731-1507B87DE297}"="QBVersionTool"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F743BF-7528-4F0C-BBFD-2FEFA162E870}\InprocServer32]
@="C:\\WINDOWS\\system32\\mbdart.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 5CB0-E98F

Directory of C:\WINDOWS\System32

08/17/2005 12:56 PM 417,792 mbdart.dll
08/13/2005 08:37 PM 417,792 brpanui.dll
08/12/2005 03:46 PM <DIR> dllcache
08/11/2004 05:20 PM <DIR> Microsoft
2 File(s) 835,584 bytes
2 Dir(s) 20,495,667,200 bytes free
  • 0

#8
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

- Rawe :tazz:
  • 0

#9
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I ran l2mfix.bat and select option #2 for Run Fix and left for the day. When I came back, the screen was still blank. I rebooted and got a quick dialogue box then it just ran for about and hour and never came back. I rebooted again and canceled the box before it could go blank again. Right now I am getting less pop ups and Winfixer 2005. Should I do something else before considering that it is fixed?

Here is my Hijack log. No other log appeared.

Logfile of HijackThis v1.99.1
Scan saved at 11:09:53 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\ScanToPc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeffery K. Davis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Jeffery K. Davis\Desktop\l2mfix\second.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Scan to PC.lnk = C:\WINDOWS\ScanToPc.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=zuzeb004YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Edited by Treach2001, 17 August 2005 - 10:12 PM.

  • 0

#10
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
It's definately not fixed yet. Let's continue with this:

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
  • 0

Advertisements


#11
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Started Scanning
Internet Cookies
Found 'edge.ru4.com' in 'Internet Explorer Cache'
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'valueclick.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'hits.clickandtrack.net' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'hitbox.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'ads.cc214142.com' in 'Internet Explorer Cache'
Found 'tradedoubler.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'perf.overture.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\BearShare'
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'AppEvents\EventLabels\BearShareChatNotifyMsg'
Found '' in 'AppEvents\Schemes\Apps\BearShare'
Found '' in 'AppEvents\Schemes\Apps\BearShare\BearShareChatNotifyMsg'
Found '' in 'AppEvents\Schemes\Apps\BearShare\BearShareChatNotifyMsg\.Current'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found '' in 'SOFTWARE\MyWebSearch'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall'
Found '' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found '' in 'SOFTWARE\FunWebProducts'
Found '' in 'SOFTWARE\FocusInteractive'
Found '' in 'SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}'
Found '' in 'SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}'
Found '' in 'SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}'
Found '' in 'SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}'
Found '' in 'SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}'
Found '' in 'SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}'
Found '' in 'SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}'
Found '' in 'SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1'
Found '' in 'SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller'
Found '' in 'SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1'
Found '' in 'SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin'
Found '' in 'SOFTWARE\Classes\MyWebSearch.OutlookAddin.1'
Found '' in 'SOFTWARE\Classes\MyWebSearch.OutlookAddin'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton'
Found '' in 'SOFTWARE\Classes\FunWebProducts.KillerObjManager.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.KillerObjManager'
Found '' in 'SOFTWARE\Classes\FunWebProducts.IECookiesManager.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.IECookiesManager'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HTMLMenu.2'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HTMLMenu.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HTMLMenu'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1'
Found '' in 'SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler'
Found '' in 'SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}'
Found '' in 'SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}'
Found '' in 'SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}'
Found '' in 'SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}'
Found '' in 'SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}'
Found '' in 'SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}'
Found '' in 'SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}'
Found '' in 'SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}'
Found '' in 'SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}'
Found '' in 'SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}'
Found '' in 'SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}'
Found '' in 'SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}'
Found '' in 'SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}'
Found '' in 'SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}'
Found '' in 'SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}'
Found '' in 'SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}'
Found '' in 'Software\MyWebSearch'
Found 'MyWebSearch Email Plugin' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found 'MyWebSearch Email Plugin' in 'Software\Microsoft\Windows\CurrentVersion\Run'
Found '' in 'SOFTWARE\Fun Web Products'
Found 'LoadBehavior' in 'SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin'
Found 'FriendlyName' in 'SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin'
Found 'Description' in 'SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin'
Found 'LoadBehavior' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found 'FriendlyName' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Found 'Description' in 'SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business'
Found '' in 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance'
Found '' in 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel'
Found '' in 'C:\Program Files\BearShare'
Found 'BSidle.dll' in 'C:\Program Files\BearShare'
Found '' in 'C:\Program Files\BearShare\db'
Found '' in 'C:\Program Files\BearShare\Extras'
Found '' in 'C:\Program Files\BearShare\Installer'
Found '' in 'C:\Program Files\BearShare\Logs'
Found '' in 'C:\Program Files\BearShare\Playlists'
Found '' in 'C:\Program Files\BearShare\sounds'
Found '' in 'C:\Program Files\BearShare\Temp'
Found '' in 'C:\Program Files\BearShare\Webstats'
Found '' in 'C:\Program Files\BullsEye Network'
Found '' in 'C:\Program Files\BullsEye Network\bin'
Found '' in 'C:\Program Files\FunWebProducts'
Found '' in 'C:\Program Files\FunWebProducts\Shared'
Found '' in 'C:\Program Files\Media Access'
Found '' in 'C:\Program Files\MyWebSearch'
Found '' in 'C:\Program Files\MyWebSearch\bar'
Found 'F3CJPEG.DLL' in 'C:\Program Files\MyWebSearch\bar\1.bin'
Found '' in 'C:\Program Files\NaviSearch'
Found '' in 'C:\Program Files\NaviSearch\bin'
Found '' in 'C:\Program Files\VBouncer'
Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\system32'
Found 'virushunter4.ico' in 'C:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business'
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business\Human Resources.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business\Human Resources.url' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Finances & Business\Human Resources.url'
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance'
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance\Dental Insurance.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance\Dental Insurance.url' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance\Dental Insurance.url'
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance\Term Life.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance\Term Life.url' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Health & Insurance\Term Life.url'
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel'
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel\International travel.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel\International travel.url' in startup areas.
Cleaning 'C:\Documents and Settings\Jeffery K. Davis\Favorites\Homelife & Travel\International travel.url'
Checking for 'C:\Program Files\BearShare' in shortcut areas.
Checking for 'C:\Program Files\BearShare' in startup areas.
Cleaning 'C:\Program Files\BearShare'
Checking for 'C:\Program Files\BearShare\BearShare.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\BearShare.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\BearShare.dat'
Checking for 'C:\Program Files\BearShare\BearShare.exe' in shortcut areas.
Found 'BearShare.lnk' in 'C:\Documents and Settings\All Users\Start Menu\Programs\'
Found 'BearShare.lnk' in 'C:\Documents and Settings\Jeffery K. Davis\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\BearShare\BearShare.exe' in startup areas.
Cleaning 'C:\Program Files\BearShare\BearShare.exe'
Checking for 'C:\Program Files\BearShare\BSidle.dll' in shortcut areas.
Checking for 'C:\Program Files\BearShare\BSidle.dll' in startup areas.
Cleaning 'C:\Program Files\BearShare\BSidle.dll'
Checking for 'C:\Program Files\BearShare\db\config.bin' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\config.bin' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\config.bin'
Checking for 'C:\Program Files\BearShare\db\connect.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\connect.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\connect.txt'
Checking for 'C:\Program Files\BearShare\db\gnucache.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\gnucache.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\gnucache.dat'
Checking for 'C:\Program Files\BearShare\db\gwebcache.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\gwebcache.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\gwebcache.dat'
Checking for 'C:\Program Files\BearShare\db\hbcache.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\hbcache.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\hbcache.dat'
Checking for 'C:\Program Files\BearShare\db\Hostiles-Chat.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\Hostiles-Chat.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\Hostiles-Chat.txt'
Checking for 'C:\Program Files\BearShare\db\Hostiles.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\Hostiles.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\Hostiles.txt'
Checking for 'C:\Program Files\BearShare\db\library.2.db' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\library.2.db' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\library.2.db'
Checking for 'C:\Program Files\BearShare\db\library.db' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\library.db' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\library.db'
Checking for 'C:\Program Files\BearShare\db\searches.ini' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db\searches.ini' in startup areas.
Cleaning 'C:\Program Files\BearShare\db\searches.ini'
Checking for 'C:\Program Files\BearShare\FreePeers.ini' in shortcut areas.
Checking for 'C:\Program Files\BearShare\FreePeers.ini' in startup areas.
Cleaning 'C:\Program Files\BearShare\FreePeers.ini'
Checking for 'C:\Program Files\BearShare\History.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\History.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\History.txt'
Checking for 'C:\Program Files\BearShare\INSTALL.LOG' in shortcut areas.
Checking for 'C:\Program Files\BearShare\INSTALL.LOG' in startup areas.
Cleaning 'C:\Program Files\BearShare\INSTALL.LOG'
Checking for 'C:\Program Files\BearShare\Logs\hosts-state.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Logs\hosts-state.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\Logs\hosts-state.txt'
Checking for 'C:\Program Files\BearShare\Logs\memory.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Logs\memory.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\Logs\memory.txt'
Checking for 'C:\Program Files\BearShare\Logs\ordinal.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Logs\ordinal.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\Logs\ordinal.txt'
Checking for 'C:\Program Files\BearShare\Logs\streams.txt' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Logs\streams.txt' in startup areas.
Cleaning 'C:\Program Files\BearShare\Logs\streams.txt'
Checking for 'C:\Program Files\BearShare\sounds\notify.wav' in shortcut areas.
Checking for 'C:\Program Files\BearShare\sounds\notify.wav' in startup areas.
Cleaning 'C:\Program Files\BearShare\sounds\notify.wav'
Checking for 'C:\Program Files\BearShare\Temp\TMP01-rob_thomas-this_is_how_a_heart_breaks.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMP01-rob_thomas-this_is_how_a_heart_breaks.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMP01-rob_thomas-this_is_how_a_heart_breaks.dat'
Checking for 'C:\Program Files\BearShare\Temp\TMP01-rob_thomas-this_is_how_a_heart_breaks.mp3' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMP01-rob_thomas-this_is_how_a_heart_breaks.mp3' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMP01-rob_thomas-this_is_how_a_heart_breaks.mp3'
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Give Back Yourself.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Give Back Yourself.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Give Back Yourself.dat'
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Give Back Yourself.mp3' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Give Back Yourself.mp3' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Give Back Yourself.mp3'
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Something To Be-Retail - 6 - Something To Be.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Something To Be-Retail - 6 - Something To Be.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Something To Be-Retail - 6 - Something To Be.dat'
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Something To Be-Retail - 6 - Something To Be.mp3' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Something To Be-Retail - 6 - Something To Be.mp3' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMPRob Thomas - Something To Be-Retail - 6 - Something To Be.mp3'
Checking for 'C:\Program Files\BearShare\Temp\TMProb thomas- lonley no more.dat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMProb thomas- lonley no more.dat' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMProb thomas- lonley no more.dat'
Checking for 'C:\Program Files\BearShare\Temp\TMProb thomas- lonley no more.mp3' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp\TMProb thomas- lonley no more.mp3' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp\TMProb thomas- lonley no more.mp3'
Checking for 'C:\Program Files\BearShare\UNWISE.EXE' in shortcut areas.
Checking for 'C:\Program Files\BearShare\UNWISE.EXE' in startup areas.
Cleaning 'C:\Program Files\BearShare\UNWISE.EXE'
Checking for 'C:\Program Files\BearShare\Webstats.bat' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Webstats.bat' in startup areas.
Cleaning 'C:\Program Files\BearShare\Webstats.bat'
Checking for 'C:\Program Files\BearShare\Webstats.ini' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Webstats.ini' in startup areas.
Cleaning 'C:\Program Files\BearShare\Webstats.ini'
Checking for 'C:\Program Files\BearShare\BSidle.dll' in shortcut areas.
Checking for 'C:\Program Files\BearShare\BSidle.dll' in startup areas.
Cleaning 'C:\Program Files\BearShare\BSidle.dll'
[SCANMODS] The file 'C:\Program Files\BearShare\BSidle.dll' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\db' in shortcut areas.
Checking for 'C:\Program Files\BearShare\db' in startup areas.
Cleaning 'C:\Program Files\BearShare\db'
[SCANMODS] The file 'C:\Program Files\BearShare\db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\Extras' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Extras' in startup areas.
Cleaning 'C:\Program Files\BearShare\Extras'
[SCANMODS] The file 'C:\Program Files\BearShare\Extras' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\Installer' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Installer' in startup areas.
Cleaning 'C:\Program Files\BearShare\Installer'
[SCANMODS] The file 'C:\Program Files\BearShare\Installer' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\Logs' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Logs' in startup areas.
Cleaning 'C:\Program Files\BearShare\Logs'
[SCANMODS] The file 'C:\Program Files\BearShare\Logs' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\Playlists' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Playlists' in startup areas.
Cleaning 'C:\Program Files\BearShare\Playlists'
[SCANMODS] The file 'C:\Program Files\BearShare\Playlists' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\sounds' in shortcut areas.
Checking for 'C:\Program Files\BearShare\sounds' in startup areas.
Cleaning 'C:\Program Files\BearShare\sounds'
[SCANMODS] The file 'C:\Program Files\BearShare\sounds' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\Temp' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Temp' in startup areas.
Cleaning 'C:\Program Files\BearShare\Temp'
[SCANMODS] The file 'C:\Program Files\BearShare\Temp' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BearShare\Webstats' in shortcut areas.
Checking for 'C:\Program Files\BearShare\Webstats' in startup areas.
Cleaning 'C:\Program Files\BearShare\Webstats'
[SCANMODS] The file 'C:\Program Files\BearShare\Webstats' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\BullsEye Network' in shortcut areas.
Checking for 'C:\Program Files\BullsEye Network' in startup areas.
Cleaning 'C:\Program Files\BullsEye Network'
Checking for 'C:\Program Files\BullsEye Network\bin' in shortcut areas.
Checking for 'C:\Program Files\BullsEye Network\bin' in startup areas.
Cleaning 'C:\Program Files\BullsEye Network\bin'
[SCANMODS] The file 'C:\Program Files\BullsEye Network\bin' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\FunWebProducts' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html'
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\temp.html' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared\Cache\temp.html' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared\Cache\temp.html'
Checking for 'C:\Program Files\FunWebProducts\Shared' in shortcut areas.
Checking for 'C:\Program Files\FunWebProducts\Shared' in startup areas.
Cleaning 'C:\Program Files\FunWebProducts\Shared'
[SCANMODS] The file 'C:\Program Files\FunWebProducts\Shared' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Media Access' in shortcut areas.
Checking for 'C:\Program Files\Media Access' in startup areas.
Cleaning 'C:\Program Files\Media Access'
Checking for 'C:\Program Files\MyWebSearch' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\0003BAB6' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\0003BAB6' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\0003BAB6'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\001EF2E9' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\001EF2E9' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\001EF2E9'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB353.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB353.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\00AEB353.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB509.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB509.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\00AEB509.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB799.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB799.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\00AEB799.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB910.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\00AEB910.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\00AEB910.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\01ED5390' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\01ED5390' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\01ED5390'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\034A1434.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\034A1434.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\034A1434.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\034A151E.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\034A151E.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\034A151E.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D780C8.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D780C8.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\13D780C8.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D781A3.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D781A3.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\13D781A3.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D7830A.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D7830A.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\13D7830A.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D783E5.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\13D783E5.bin' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\13D783E5.bin'
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\files.ini' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Cache\files.ini' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Cache\files.ini'
Checking for 'C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S'
Checking for 'C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S'
Checking for 'C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S'
Checking for 'C:\Program Files\MyWebSearch\bar\History\search' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\History\search' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\History\search'
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm'
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\settings.dat' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Settings\settings.dat'
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\settings.htm' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\settings.htm' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Settings\settings.htm'
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat'
Checking for 'C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL'
Checking for 'C:\Program Files\MyWebSearch\bar' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar'
[SCANMODS] The file 'C:\Program Files\MyWebSearch\bar' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL' in shortcut areas.
Checking for 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL' in startup areas.
Cleaning 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL'
[SCANMODS] The file 'C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\NaviSearch' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch' in startup areas.
Cleaning 'C:\Program Files\NaviSearch'
Checking for 'C:\Program Files\NaviSearch\bin' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch\bin' in startup areas.
Cleaning 'C:\Program Files\NaviSearch\bin'
[SCANMODS] The file 'C:\Program Files\NaviSearch\bin' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\VBouncer' in shortcut areas.
Checking for 'C:\Program Files\VBouncer' in startup areas.
Cleaning 'C:\Program Files\VBouncer'
Checking for 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' in startup areas.
Cleaning 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico'
Checking for 'C:\WINDOWS\system32\virushunter4.ico' in shortcut areas.
Checking for 'C:\WINDOWS\system32\virushunter4.ico' in startup areas.
Cleaning 'C:\WINDOWS\system32\virushunter4.ico'
Finished Cleaning
  • 0

#12
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Post me the following:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post
- Rawe :tazz:
  • 0

#13
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 7.0 Professional
Adobe Reader 6.0.1
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Banctec Service Agreement
BlackBerry Desktop Manager 3.6
Broadcom Management Programs 2
Business Contact Manager for Outlook 2003
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell Wireless WLAN Card
Digital Line Detect
Encompass
Encompass Personal Edition Installation Manager
ePASS Express
ewido security suite
File, Print FedEx Kinko's
HijackThis 1.99.1
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
Intel® Graphics Media Accelerator Driver for Mobile
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Magic ISO Maker v3.60 (build 0067)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Broadband Networking
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (EMMSDE)
Microsoft Visual J# .NET Redistributable Package 1.1
Modem Helper
MSN
MSN Messenger 7.0
MSRedist
Musicmatch® Jukebox
My Way Search Assistant
Napster
Napster Burn Engine
NetWaiting
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
OpenMG Limited Patch 4.1-05-14-24-01
OpenMG Secure Module 4.1.00
Originator Express
Point
PowerDVD 5.3
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SonicStage 3.1
SPBBC
Station LaunchPad
Surf SideKick
Symantec Script Blocking Installer
SymNet
Twain Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinTools.net Professional
WordPerfect Office 12
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
  • 0

#14
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot. IF the update does not work or you can't find the tab anywhere, download the latest Java here but DON'T install it yet:

http://www.java.com/...load/manual.jsp

After downloaded,

Uninstall:

Java 2 Runtime Environment, SE v1.4.2_03
My Way Search Assistant
Surf SideKick
Viewpoint Media Player

Delete these folders if present:


C:\Program Files\BearShare\
C:\Program Files\BullsEye Network\
C:\Program Files\FunWebProducts\
C:\Program Files\Media Access
C:\Program Files\MyWebSearch\
C:\Program Files\NaviSearch
C:\Program Files\VBouncer
C:\Program Files\SurfSideKick

Empty recycle bin..

Install the latest Java now. (Unless the updating worked).

Then reboot again.. Post a fresh HijackThis log.

- Rawe :tazz:
  • 0

#15
Treach2001

Treach2001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
It will not allow me to delete the Surfsidekick 3. The error message says:

Cannot delete SskCore: It is being used by another person or program.
Close any programs that mighe be using the file and try again.

Any suggestions?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP