Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Another WinFixer et al [RESOLVED]


  • This topic is locked This topic is locked

#16
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Sigh. Nevermind, they're gone again. Once everything was done loading (this computer is slow and heavily infested), the cmd.exe screen popped up again and killed explorer without producing a log.
  • 0

Advertisements


#17
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here's the new additions to the process list:

gcasServ.exe
LUCOMS~1.exe
pokapoka63.exe

I'm trying to mentally go back through what I've done. Is there something preventing l2m from creating a log or finishing what it's supposed to do? Is it supposed to stop where I'm seeing it stop? When I tried to start a new process (explorer.exe) it just had it run l2m again, to the same effect. Is there any way I can get l2m to stop running so I can "start over"? Not having a desktop is rather unnerving, especially when I'm trying to fix the computer. Not make things worse. :tazz:

Thanks for the help so far. I see other people are viewing too.
  • 0

#18
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok, please don't try anything else. We are going to manually get rid of this infection.

your desktop all set again?

:tazz:

Excal
  • 0

#19
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
No it's still gone. When I ran explorer.exe, the cmd.exe automatically ran and got rid of it again.
  • 0

#20
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok, whats in Proccess again


Excal
  • 0

#21
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Post a Hijackthis log please



Excal
  • 0

#22
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:20:42 AM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\windows\system32\pounusq.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\slggdl.exe
C:\WINDOWS\system\iateqr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hddlaju\Ejpra.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Hsokxpe] C:\Program Files\Hddlaju\Ejpra.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevot32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\slggdl.exe reg_run
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\chris\Desktop\l2mfix\l2mfix\second.bat
O4 - HKLM\..\Run: [zvzcabq] c:\windows\system32\pounusq.exe r
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\frntsub.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


------

All the same processes as before, plus the three new ones. No explorer.exe.
  • 0

#23
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
open Hijackthis and do a scan. Please check off the following items:

O4 - HKLM\..\Run: [second] C:\Documents and Settings\chris\Desktop\l2mfix\l2mfix\second.bat

click FIX CHECKED then close Hijackthis

reboot

explorer should be back then run OPTION #1 again, then post those results. Please don't do anything else after that until I supply you with a fix.


Thanks,

:tazz:

Excal
  • 0

#24
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
L2MFIX find log 1.03c
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\frntsub.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A6571C36-31F8-0FCE-C148-156DA90A7376}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{4EC26602-4807-40FE-A40F-1A41E4D40C78}"="Dell DJ Explorer"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is BCC1-B97D

Directory of C:\WINDOWS\System32

08/18/2005 02:31 AM 233,420 mvjet40.dll
08/18/2005 02:29 AM 233,420 guard.tmp
08/18/2005 01:11 AM 233,420 wknipsec(2)(2).dll
08/18/2005 01:05 AM 233,420 insecsnp.dll
08/18/2005 01:04 AM 233,420 ir48l5hu1.dll
08/17/2005 01:53 PM 233,420 mvj2l91o1.dll
08/17/2005 01:52 PM 233,420 wkpui.dll
08/16/2005 11:11 PM 233,420 aza6la1s1d.dll
08/16/2005 02:13 PM 233,420 m864lijq18oe.dll
08/16/2005 02:12 PM 233,420 bnowselc.dll
08/16/2005 10:49 AM 233,420 jt0007dme.dll
08/16/2005 10:48 AM 233,420 mkl4l93q1.dll
08/16/2005 06:56 AM 233,420 fp8003lme.dll
08/16/2005 06:52 AM 233,420 n0l8la3u1d.dll
08/15/2005 11:21 PM 233,420 tMpi32(2)(2).dll
08/15/2005 06:32 AM 233,420 gp82l3lo1.dll
08/14/2005 03:35 PM 233,420 jt0u07d9e.dll
08/14/2005 03:34 PM 233,420 mchtmled.dll
08/13/2005 11:13 PM 233,420 r2p80c7uef.dll
08/13/2005 09:01 PM 233,420 mvl4l93q1.dll
08/13/2005 09:00 PM 233,420 uwpnpmgr(2)(2).dll
08/12/2005 10:21 AM 234,317 lv2s09f7e.dll
08/11/2005 11:04 PM <DIR> dllcache
08/11/2005 03:54 PM 234,577 ktnml7511.dll
08/11/2005 03:35 PM 233,552 g2lm0c31ef.dll
08/09/2005 08:50 AM 233,420 ktr2l79o1.dll
08/09/2005 08:02 AM 233,420 dn4u01h9e.dll
08/08/2005 04:43 PM 233,420 mvrddm.dll
08/07/2005 08:36 PM 233,248 q2ps0c77ef.dll
08/07/2005 08:35 PM 233,248 wdbcheck.dll
08/07/2005 04:35 PM 233,248 WIDRMNet.dll
08/06/2005 11:30 PM 233,248 k2lqlc351f.dll
08/06/2005 08:00 PM 233,248 hr4s05h7e.dll
08/06/2005 07:59 PM 233,248 rqutils(2).dll
08/06/2005 05:40 PM 233,248 lvp0097me.dll
08/06/2005 11:00 AM 233,248 k6620gjoe6oc0.dll
08/06/2005 10:58 AM 233,248 wvpcd.dll
08/05/2005 09:09 PM 233,248 j40sled71h0.dll
08/05/2005 01:12 PM 233,248 n68olgl316q.dll
08/05/2005 07:17 AM 233,248 i024lafq1d2e.dll
08/05/2005 05:59 AM 233,248 gpr0l39m1.dll
08/04/2005 11:16 PM 233,248 arferror.dll
08/04/2005 11:16 PM 233,526 l8p20i7oe8.dll
08/04/2005 10:53 PM 233,698 l0n40a5qed.dll
08/04/2005 10:46 PM 234,388 h04mlah11d4.dll
08/04/2005 10:40 PM 233,537 k6lqlg3516.dll
08/04/2005 10:40 PM 233,248 mmtask.dll
08/04/2005 07:53 PM 233,248 irn6l55s1.dll
08/04/2005 07:52 PM 233,248 mtrecr40.dll
08/04/2005 11:20 AM 233,248 gpp8l37u1.dll
08/04/2005 11:19 AM 233,248 medrv.dll
08/01/2005 12:26 PM 233,248 j44o0eh3eh4.dll
08/01/2005 12:25 PM 233,248 nhinstnt.dll
07/31/2005 03:54 PM 234,547 hrp0057me.dll
07/30/2005 04:57 PM 233,248 wH2time(3)(2).dll
07/30/2005 12:13 PM 235,264 d6j02g1mg6.dll
07/29/2005 11:20 PM 234,858 j0j6la1s1d.dll
07/29/2005 11:35 AM 233,248 s888lilu18q8.dll
07/29/2005 11:34 AM 233,248 lacalsec.dll
07/28/2005 07:38 PM 233,248 lv4s09h7e.dll
07/28/2005 05:35 PM 233,248 bdowsewm.dll
07/28/2005 12:03 PM 233,248 azamla111d.dll
07/27/2005 02:51 PM 233,248 swrio600.dll
07/24/2005 12:17 PM 233,248 azaul7d91.dll
07/24/2005 11:02 AM 233,248 ir6sl5j71.dll
07/24/2005 10:33 AM 233,248 kt0ul7d91.dll
07/23/2005 09:00 PM 233,248 wvpshell.dll
07/23/2005 02:59 AM 233,248 l06o0aj3edo.dll
07/23/2005 01:06 AM 233,248 pbofmap(2).dll
07/22/2005 10:33 PM 234,606 q2pslc771f.dll
07/22/2005 10:32 PM 234,606 wfnhttp(2).dll
07/22/2005 01:20 AM 233,248 mv86l9ls1.dll
07/21/2005 09:00 PM 233,248 hyetcfg(3)(2).dll
07/21/2005 07:44 PM 233,248 kvdinben.dll
07/21/2005 07:43 PM 233,248 ihsecsvc(3).dll
07/19/2005 10:09 PM 234,606 l4n40e5qeh.dll
07/19/2005 09:01 PM 234,606 kmuser.dll
07/19/2005 06:12 PM 234,272 e0jmla111d.dll
07/17/2005 10:13 AM 234,606 jtjm0711e.dll
05/12/2005 06:26 PM 848 KGyGaAvL.sys
03/12/2005 11:07 AM 56 8E8CF40500.sys
03/06/2005 04:56 PM <DIR> Microsoft
80 File(s) 18,215,974 bytes
2 Dir(s) 44,699,942,912 bytes free
  • 0

#25
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.


REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A6571C36-31F8-0FCE-C148-156DA90A7376}"=-
"SV1"=""



Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Open Pocket Killbox and Copy the file names below to the clipboard by highlighting them and pressing Control-C:

then go to the File menu, and choose "Paste from Clipboard".

C:\WINDOWS\System32\mvjet40.dll
C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\wknipsec(2)(2).dll
C:\WINDOWS\System32\insecsnp.dll
C:\WINDOWS\System32\ir48l5hu1.dll
C:\WINDOWS\System32\mvj2l91o1.dll
C:\WINDOWS\System32\wkpui.dll
C:\WINDOWS\System32\aza6la1s1d.dll
C:\WINDOWS\System32\m864lijq18oe.dll
C:\WINDOWS\System32\bnowselc.dll
C:\WINDOWS\System32\jt0007dme.dll
C:\WINDOWS\System32\mkl4l93q1.dll
C:\WINDOWS\System32\fp8003lme.dll
C:\WINDOWS\System32\n0l8la3u1d.dll
C:\WINDOWS\System32\tMpi32(2)(2).dll
C:\WINDOWS\System32\gp82l3lo1.dll
C:\WINDOWS\System32\jt0u07d9e.dll
C:\WINDOWS\System32\mchtmled.dll
C:\WINDOWS\System32\r2p80c7uef.dll
C:\WINDOWS\System32\mvl4l93q1.dll
C:\WINDOWS\System32\uwpnpmgr(2)(2).dll
C:\WINDOWS\System32\lv2s09f7e.dll
C:\WINDOWS\System32\ktnml7511.dll
C:\WINDOWS\System32\g2lm0c31ef.dll
C:\WINDOWS\System32\ktr2l79o1.dll
C:\WINDOWS\System32\dn4u01h9e.dll
C:\WINDOWS\System32\mvrddm.dll
C:\WINDOWS\System32\q2ps0c77ef.dll
C:\WINDOWS\System32\wdbcheck.dll
C:\WINDOWS\System32\WIDRMNet.dll
C:\WINDOWS\System32\k2lqlc351f.dll
C:\WINDOWS\System32\hr4s05h7e.dll
C:\WINDOWS\System32\rqutils(2).dll
C:\WINDOWS\System32\lvp0097me.dll
C:\WINDOWS\System32\k6620gjoe6oc0.dll
C:\WINDOWS\System32\wvpcd.dll
C:\WINDOWS\System32\j40sled71h0.dll
C:\WINDOWS\System32\n68olgl316q.dll
C:\WINDOWS\System32\i024lafq1d2e.dll
C:\WINDOWS\System32\gpr0l39m1.dll
C:\WINDOWS\System32\arferror.dll
C:\WINDOWS\System32\l8p20i7oe8.dll
C:\WINDOWS\System32\l0n40a5qed.dll
C:\WINDOWS\System32\h04mlah11d4.dll
C:\WINDOWS\System32\k6lqlg3516.dll
C:\WINDOWS\System32\mmtask.dll
C:\WINDOWS\System32\irn6l55s1.dll
C:\WINDOWS\System32\mtrecr40.dll
C:\WINDOWS\System32\gpp8l37u1.dll
C:\WINDOWS\System32\medrv.dll
C:\WINDOWS\System32\j44o0eh3eh4.dll
C:\WINDOWS\System32\nhinstnt.dll
C:\WINDOWS\System32\hrp0057me.dll
C:\WINDOWS\System32\wH2time(3)(2).dll
C:\WINDOWS\System32\d6j02g1mg6.dll
C:\WINDOWS\System32\j0j6la1s1d.dll
C:\WINDOWS\System32\s888lilu18q8.dll
C:\WINDOWS\System32\lacalsec.dll
C:\WINDOWS\System32\lv4s09h7e.dll
C:\WINDOWS\System32\bdowsewm.dll
C:\WINDOWS\System32\azamla111d.dll
C:\WINDOWS\System32\swrio600.dll
C:\WINDOWS\System32\azaul7d91.dll
C:\WINDOWS\System32\ir6sl5j71.dll
C:\WINDOWS\System32\kt0ul7d91.dll
C:\WINDOWS\System32\wvpshell.dll
C:\WINDOWS\system32\frntsub.dll
C:\WINDOWS\System32\l06o0aj3edo.dll
C:\WINDOWS\System32\pbofmap(2).dll
C:\WINDOWS\System32\q2pslc771f.dll
C:\WINDOWS\System32\wfnhttp(2).dll
C:\WINDOWS\System32\mv86l9ls1.dll
C:\WINDOWS\System32\hyetcfg(3)(2).dll
C:\WINDOWS\System32\kvdinben.dll
C:\WINDOWS\System32\ihsecsvc(3).dll
C:\WINDOWS\System32\l4n40e5qeh.dll
C:\WINDOWS\System32\kmuser.dll
C:\WINDOWS\System32\e0jmla111d.dll
C:\WINDOWS\System32\jtjm0711e.dll
C:\WINDOWS\System32\8E8CF40500.sys


place a tick by the follow boxes:

"replace on reboot"
"Use Dummy"


Click the Red Circle with the White X in the Middle to Delete!

Upon reboot into normal.

Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please Run Option #1 again and post results.
  • 0

Advertisements


#26
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
L2MFIX find log 1.03c
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"iebar"=" "
"acc="=" "
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{4EC26602-4807-40FE-A40F-1A41E4D40C78}"="Dell DJ Explorer"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is BCC1-B97D

Directory of C:\WINDOWS\System32

08/11/2005 11:04 PM <DIR> dllcache
05/12/2005 06:26 PM 848 KGyGaAvL.sys
03/06/2005 04:56 PM <DIR> Microsoft
1 File(s) 848 bytes
2 Dir(s) 44,687,904,768 bytes free
  • 0

#27
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
HOLY Snikeys, we got them all first shot!! yahooo!!! :)

Ok, open kill box up. Go to file, then down to delete all dummy files, then hit Yes.

Please post me a fresh HiJackthis log so we can clean up everything else.


Thanks,

:tazz:

Excal

Edited by Excal, 18 August 2005 - 03:24 AM.

  • 0

#28
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:25:33 AM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\psdohii.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hddlaju\Ejpra.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\slggdl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\dinst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Hsokxpe] C:\Program Files\Hddlaju\Ejpra.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevot32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\slggdl.exe reg_run
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [fvrjxes] c:\windows\system32\psdohii.exe r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

------
Another HJT log fresh off the press. What did we slay? Thanks for sticking in here for so long. I'm getting pretty tired but as long as you're willing to stay up, I'll be here too. :tazz:
  • 0

#29
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Yea I am dying here....lol. Kids will be up in 2 1/2 hours or so...yikes

Right click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re enable it after the fix, you follow the same steps but click on Enable Real-time Protection.


DOWNLOAD PROGRAMS


Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates Do NOT run a scan yet. (if you already have, please just update)

Download LQfix Here
save it to your desktop, please do not use yet

Please download Nailfix from Here
please do NOT run it yet.

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Once in Safe Mode, please double-click on
Nailfix.exe on your desktop. Click next, then finished. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Hsokxpe] C:\Program Files\Hddlaju\Ejpra.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevot32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\slggdl.exe reg_run
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [fvrjxes] c:\windows\system32\psdohii.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe


9. click the Fix Checked box

10. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Hddlaju

11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe
C:\WINDOWS\system32\slggdl.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\n20050308.EXE
c:\windows\system32\psdohii.exe
Use start> Search to find these:
Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.
BITDEFENDERX.EXE
D0CE0C16B1


12. Double click on LQFix program u downloaded.
A doswindow will open and close again, this is normal.

13. Run the program CleanUp!

14. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

15. Please post an Active scan log , Ewido Scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#30
torm

torm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:44:58 AM, 8/18/2005
+ Report-Checksum: 2A17DC01

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1957994488-115176313-839522115-1004\Software\LQ -> Dialer.Generic : Cleaned with backup
[1564] c:\windows\system32\dtdnom.exe -> Adware.BetterInternet : Cleaned with backup
:mozilla.7:C:\Documents and Settings\barb\Application Data\Mozilla\Firefox\Profiles\1f6s8e1m.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\barb\Application Data\Mozilla\Firefox\Profiles\1f6s8e1m.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@ehg-comcast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\barb\Cookies\barb@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temp\Cookies\barb@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temp\Cookies\barb@ehg-comcast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temp\Cookies\barb@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZKJ0WOA4\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temp\WMZ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temp\YQT\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temporary Internet Files\Content.IE5\BC6CLIPY\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\barb\Local Settings\Temporary Internet Files\Content.IE5\O7WFSH0P\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@e-2dj6wfkyshcpwho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@web4.realtracker[2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\chelsea\Cookies\chelsea@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@ehg-citrixonline.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@web4.realtracker[2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Cookies\chelsea@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\f3528656.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\GIF\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ345U7\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\chelsea\Local Settings\Temporary Internet Files\Content.IE5\8XE3KXE3\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
:mozilla.6:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\ma3oblzk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\ma3oblzk.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.32:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\ma3oblzk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@ehg-comcast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\chris\Cookies\chris@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\ANH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\APN\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\COH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Cookies\chris@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\DSO\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\EWZ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\IFG\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\JWX\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\KAT\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\KYD\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\LXO\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\NOH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\nst1DC.EXE -> Spyware.SmartPops : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\PCZ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\ROJ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XMB01QF\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\Temporary Internet Files\Content.IE5\K9Q74XUJ\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\UWZ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\VCQ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\VTF\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\VVC\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\WIO\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\XFR\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temp\ZPA\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\4HIFC5EF\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\chris\Local Settings\Temporary Internet Files\Content.IE5\P8IJBCDE\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
:mozilla.13:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.41:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.43:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.54:C:\Documents and Settings\jess\Application Data\Mozilla\Firefox\Profiles\frrici5n.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@ehg-comcast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\jess\Cookies\jess@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\3D.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\bw2.com -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@a.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@ehg-comcast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\Cookies\jess@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\JNU\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\PEJ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\res7C.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\jess\Local Settings\Temp\ZPL\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Hddlaju\Ejpra.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CF626F9-1662-4348-B8C8-AA4589\4AF706F7-8399-418C-A3C3-F09D64 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CF626F9-1662-4348-B8C8-AA4589\8A634BB0-9D72-4BB1-8C2B-721B49 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CF626F9-1662-4348-B8C8-AA4589\B777D5E1-83CA-42C6-8853-171F94 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4BA868EB-AF19-4AD9-B805-95E9A7\75F91CC7-C7E1-431F-BF06-07AD4D -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5CB1F6A3-9574-42D0-A2BA-6E04DC\D17B3FE5-6BA5-43EF-8827-0A65BE -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ABAB3B9A-08C3-4D8F-8CF2-C6618C\E27E5DEF-2D2C-4124-A230-0CD47C -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E0E6FC5B-1CDA-447D-AAD5-D8DBB4\D5926BF2-BC61-4BDE-9B21-3101FF -> TrojanDownloader.Delmed.b : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka63.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\iuljgvnoga.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system\iateqr.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\system32\CdmFiles\ffkbfbmtxe.dll -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\system32\CdmFiles\ffkbfbmtxe.exe -> Spyware.SmartPops : Cleaned with backup
C:\WINDOWS\system32\datadx.dll_tobedeleted -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\dtdnom.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\elitefmt32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteicm32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteizx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitelgc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitenrz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitevlo32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitevot32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitewoe32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\kdggwdf.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\chris@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jess@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\upd204.exe -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\Temp\upd205.exe -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\Temp\upd206.exe -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\Temp\upd207.exe -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\Temp\upd208.exe -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\Temp\upd209.exe -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\x.bat -> Trojan.LowZones.f : Cleaned with backup


::Report End
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP