Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hjack this log pls help

Started by iamthanoob , Sep 25 2005 10:10 AM

  • Please log in to reply

#1
iamthanoob
Posted 25 September 2005 - 10:10 AM

iamthanoob

    New Member

  • Member
  • Pip
  • 5 posts
hi i am new to this forum the reason i am here is becuase i probably have spywarei am beign redirected to msn when i search google sometimes to other sites also today i started seeing some popups without having my ie open i used adaware and spybot deleted what they find but they keep reapearing so heres my hijackthis log thx for ur help

Logfile of HijackThis v1.99.1
Scan saved at 3:54:42 PM, on 5/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\matthew gili\My Documents\hjackthis\HijackThis.exe

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115754580124
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements

#2
tampabelle
Posted 25 September 2005 - 11:47 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Reboot back into Windows and post the Ewido scan report here.

Also please post a fresh HJT log after enabling all items in MSconfig, if you have disabled any items in MSconfig.
  • 0

#3
iamthanoob
Posted 25 September 2005 - 01:29 PM

iamthanoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
thx a lot ur reply was indeed very fast but i still got redirected when i opened this site heres my logs i deleted everything since all of it were spyware or either cookies

hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 9:23:57 PM, on 9/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\PROGRA~1\Norton AntiVirus\navapw32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\matthew gili\My Documents\hjackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\Norton AntiVirus\navapw32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKCU\..\Run: [Spanish] C:\Program Files\Learn To Speak Japanese Demo V2.8\Study Conversation.exe
O4 - HKCU\..\Run: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127047580656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\hqcoin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ewido log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:16:42 PM, 9/25/2005
+ Report-Checksum: 6F0399F3

+ Scan result:

:mozilla.21:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.22:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.23:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.24:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.25:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.26:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.30:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Pstats : Cleaned with backup
:mozilla.47:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.86:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.88:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.89:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.94:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.95:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.96:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.97:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.98:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.99:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.103:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.104:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.105:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.112:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.113:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.114:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.115:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.120:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.121:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.122:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.123:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.138:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.140:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.194:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Itrack : Cleaned with backup
:mozilla.207:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.208:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.209:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.210:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.211:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.212:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.213:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.218:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.219:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.221:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.232:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.234:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.235:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.236:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.237:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.238:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.239:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.240:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.241:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.242:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.260:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.261:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.267:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.268:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.269:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.270:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.271:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.274:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.291:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.323:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.326:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.327:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.328:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.329:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.343:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.344:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.345:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.354:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.357:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.358:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.359:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.360:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.361:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.362:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.363:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.364:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.365:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.366:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.369:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.370:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.371:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.372:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.373:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.378:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.380:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.383:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.392:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.403:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.404:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.407:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.408:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.409:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.410:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.411:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.412:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.413:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.414:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.415:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.416:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.417:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.418:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.419:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.420:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.421:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.422:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.423:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.424:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.425:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.426:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.427:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.428:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.429:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.430:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.431:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.432:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.433:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.434:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.435:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.436:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.437:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.438:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.439:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.440:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.441:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.442:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.443:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.444:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.445:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.446:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.447:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.448:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.449:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.450:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.451:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.452:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.453:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.454:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.455:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.456:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.457:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.458:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.459:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.460:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.461:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.462:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.463:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.464:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.465:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.466:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.467:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.495:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.496:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.498:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.522:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.544:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.548:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.589:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.594:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.595:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.596:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.603:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.604:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.605:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.606:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.607:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.608:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.609:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.610:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.626:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.640:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.641:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.654:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.655:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.659:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Popularix : Cleaned with backup
:mozilla.665:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
:mozilla.682:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.683:C:\Documents and Settings\matthew gili\Application Data\Mozilla\Firefox\Profiles\ulq0cajh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew [email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew gili@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\matthew gili\Cookies\matthew [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\CrackersKit\Packers\MEW11 1.2\mew11.exe -> TrojanDropper.AphexLace.a : Cleaned with backup
C:\Program Files\Kazaa Lite\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup
C:\Temp\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\aaferror.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\aavpack.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\afphelp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\afrsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ahphelp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\aii3d1ag.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\attapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cdb.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\chedui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cmm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cpedui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\daprop.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dbquery.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dFd8thk.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dhnet.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dhrgui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dodmoprp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dogest.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dpsshlex.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drnmpntw.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drnzip32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drrgui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drvmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dznet.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fsifs.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fvdrclnr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ibxrtmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ilsecsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iueshare.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\izxwan.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jhbexec.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jlcript.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kkdsl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kmdibm02.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mdimsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mdxclu.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mfltus40.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mgimg32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\miutb.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mjlvw7.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\msang.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\muxex.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\oebcbcp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ohbc32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ojcache.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\oqbcjt32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pcrfts.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qcdit.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rKsctrs.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rovpperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sgns.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sjlunirl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sllunirl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\smrialui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\snesrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\snncui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sonceng.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sxmapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\szmpapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wanbrand.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wgnstrm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wjwfaxui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wznstrm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\upd206.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\upd207.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\upd208.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\upd209.exe -> Spyware.Look2Me : Cleaned with backup


::Report End
  • 0

#4
tampabelle
Posted 25 September 2005 - 03:48 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
1. Run Firefox. Click on tools ---> options ---> Privacy.

Clear the cookies and cache.


2. Run Internet Explorer. Click on tools ---> Internet options. Delete cookies and Delete files.



3. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#5
iamthanoob
Posted 26 September 2005 - 03:19 AM

iamthanoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
thx a lot for ur second reply heres my log

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hqcoin.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CC70EA8F-6E81-B6BE-A7F5-D1DE2233203F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{780BCB64-0CAF-473c-A9FC-E08C03D75515}"="Matroska Shell Extension, Properties Page CLSID"
"{78DC191E-EFC1-4532-9A71-224577A86A7D}"="Matroska Shell Extension, Thumbnail Handler CLSID"
"{794D04CA-70AC-4020-80EB-FFD59DEF8027}"="Matroska Shell Extension, Tooltip Provider CLSID"
"{789111D8-68A3-46a3-9663-145A3FF4C9C9}"="Matroska Shell Extension, ContextMenu CLSID"
"{781395AF-A127-469f-A06F-59B482AF4F3F}"="Matroska Shell Extension, Column Provider CLSID"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{3F1807BE-BEFA-4299-A403-D02A1157FA78}"=""
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{00000000-5736-4205-0100-781cd0e19f00}"="Steganos Internet Anonym Pro 7"
"{16F816F8-3477-4ADB-852B-64172EC7F341}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}\InprocServer32]
@="C:\\WINDOWS\\system32\\ilmontr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}\InprocServer32]
@="C:\\WINDOWS\\system32\\mg3216.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aglui.dll Thu Jul 21 2005 11:38:50p ..S.R 417,792 408.00 K
baowselc.dll Thu Jul 21 2005 10:57:20p ..S.R 417,792 408.00 K
clyptdll.dll Mon Sep 5 2005 10:40:04a ..S.R 417,792 408.00 K
dcsetup.dll Thu Jul 21 2005 11:32:44p ..S.R 417,792 408.00 K
dpdmoprp.dll Thu Jul 21 2005 10:45:04p ..S.R 417,792 408.00 K
dwnhupnp.dll Thu Jul 21 2005 10:51:14p ..S.R 417,792 408.00 K
eacapi.dll Tue Aug 9 2005 11:20:48a ..S.R 417,792 408.00 K
frapsvid.dll Mon Aug 15 2005 3:15:20p A.... 36,864 36.00 K
hqcoin.dll Fri Sep 16 2005 9:01:48a ..S.R 417,792 408.00 K
ihxsap.dll Thu Jul 21 2005 10:45:08p ..S.R 417,792 408.00 K
ilmontr.dll Mon Sep 26 2005 11:01:46a ..S.R 417,792 408.00 K
mg3216.dll Thu Jul 21 2005 11:49:58p ..S.R 417,792 408.00 K
mnrapi.dll Sun Sep 4 2005 5:11:08p ..S.R 417,792 408.00 K
mxcpxl32.dll Fri Jul 22 2005 11:54:42a ..S.R 417,792 408.00 K
nrxpnt.dll Sat Aug 6 2005 7:44:56p ..S.R 417,792 408.00 K
nv4_disp.dll Wed Jul 20 2005 9:07:00p A.... 3,908,864 3.73 M
nvcod.dll Wed Jul 20 2005 9:07:00p A.... 32,768 32.00 K
nvcodins.dll Wed Jul 20 2005 9:07:00p A.... 32,768 32.00 K
nvcpl.dll Wed Jul 20 2005 9:07:00p A.... 7,110,656 6.78 M
nvhwvid.dll Wed Jul 20 2005 9:07:00p A.... 540,672 528.00 K
nview.dll Wed Jul 20 2005 9:07:00p A.... 1,466,368 1.40 M
nvmctray.dll Wed Jul 20 2005 9:07:00p A.... 86,016 84.00 K
nvnt4cpl.dll Wed Jul 20 2005 9:07:00p A.... 286,720 280.00 K
nvoglnt.dll Wed Jul 20 2005 9:07:00p A.... 5,140,480 4.90 M
nvshell.dll Wed Jul 20 2005 9:07:00p A.... 466,944 456.00 K
nvwddi.dll Wed Jul 20 2005 9:07:00p A.... 81,920 80.00 K
nvwdmcpl.dll Wed Jul 20 2005 9:07:00p A.... 1,662,976 1.59 M
nvwimg.dll Wed Jul 20 2005 9:07:00p A.... 1,019,904 996.00 K
parfnet.dll Sat Sep 17 2005 10:37:16a ..S.R 417,792 408.00 K
pncrt.dll Sat Jul 2 2005 8:14:54p A.... 278,528 272.00 K
pndx5016.dll Sat Jul 2 2005 8:14:56p A.... 6,656 6.50 K
pndx5032.dll Sat Jul 2 2005 8:14:56p A.... 5,632 5.50 K
rdsadhlp.dll Tue Aug 9 2005 11:10:16a ..S.R 417,792 408.00 K
rmoc3260.dll Sat Jul 2 2005 8:15:06p A.... 176,167 172.04 K
rpcpldlg.dll Thu Jul 21 2005 11:45:02p ..... 417,792 408.00 K
rpipxmib.dll Tue Aug 9 2005 11:24:36a ..S.R 417,792 408.00 K
sirenacm.dll Sat Aug 13 2005 2:41:12p A.... 118,784 116.00 K
wpaservc.dll Thu Jul 21 2005 11:03:26p ..S.R 417,792 408.00 K
xvsp1res.dll Sun Sep 25 2005 11:26:40a ..S.R 417,792 408.00 K

39 items found: 39 files (19 H/S), 0 directories.
Total of file sizes: 30,815,527 bytes 29.39 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun Sep 25 2005 10:12:52p ..S.R 417,792 408.00 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 4CDD-72F5

Directory of C:\WINDOWS\System32

09/26/2005 11:01 AM 417,792 ilmontr.dll
09/25/2005 10:12 PM 417,792 guard.tmp
09/25/2005 02:45 PM <DIR> dllcache
09/25/2005 11:26 AM 417,792 xvsp1res.dll
09/17/2005 10:37 AM 417,792 parfnet.dll
09/16/2005 09:01 AM 417,792 hqcoin.dll
09/05/2005 10:40 AM 417,792 clyptdll.dll
09/04/2005 05:11 PM 417,792 mnrapi.dll
08/09/2005 11:24 AM 417,792 rpipxmib.dll
08/09/2005 11:20 AM 417,792 eacapi.dll
08/09/2005 11:10 AM 417,792 rDsadhlp.dll
08/06/2005 07:44 PM 417,792 nrxpnt.dll
07/22/2005 11:54 AM 417,792 mxcpxl32.dLL
07/21/2005 11:49 PM 417,792 mg3216.dll
07/21/2005 11:38 PM 417,792 aglui.dll
07/21/2005 11:32 PM 417,792 dcsetup.dll
07/21/2005 11:03 PM 417,792 wpaservc.dll
07/21/2005 10:57 PM 417,792 baowselc.dll
07/21/2005 10:51 PM 417,792 dwnhupnp.dll
07/21/2005 10:45 PM 417,792 ihxsap.dll
07/21/2005 10:45 PM 417,792 dpdmoprp.dll
05/29/2005 04:37 PM 56 AC8FFDFC37.sys
05/13/2005 03:59 PM <DIR> Microsoft
21 File(s) 8,355,896 bytes
2 Dir(s) 4,036,313,088 bytes free
  • 0

#6
tampabelle
Posted 26 September 2005 - 07:43 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#7
iamthanoob
Posted 26 September 2005 - 08:35 AM

iamthanoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
i was getting some errors during the scan abouth some zip i think anyway heres my logs thx for everything again

lm2fix log

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'
Killing PID 1168 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1180 'rundll32.exe'

Scanning First Pass. Please Wait!

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'
Killing PID 1164 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1176 'rundll32.exe'
Killing PID 1928 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\aglui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\aglui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\baowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\baowselc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\clyptdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\clyptdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dcsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dcsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpdmoprp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dpdmoprp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dwnhupnp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dwnhupnp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\eacapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\eacapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hqcoin.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hqcoin.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ihxsap.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ihxsap.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ilmontr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ilmontr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mg3216.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mg3216.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnrapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mnrapi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxcpxl32.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxcpxl32.dLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nrxpnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nrxpnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\parfnet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\parfnet.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rDsadhlp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rDsadhlp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rPcpldlg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rPcpldlg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rpipxmib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rpipxmib.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wpaservc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wpaservc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\xvsp1res.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\xvsp1res.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\aglui.dll
Successfully Deleted: C:\WINDOWS\system32\aglui.dll
deleting: C:\WINDOWS\system32\aglui.dll
Successfully Deleted: C:\WINDOWS\system32\aglui.dll
deleting: C:\WINDOWS\system32\baowselc.dll
Successfully Deleted: C:\WINDOWS\system32\baowselc.dll
deleting: C:\WINDOWS\system32\baowselc.dll
Successfully Deleted: C:\WINDOWS\system32\baowselc.dll
deleting: C:\WINDOWS\system32\clyptdll.dll
Successfully Deleted: C:\WINDOWS\system32\clyptdll.dll
deleting: C:\WINDOWS\system32\clyptdll.dll
Successfully Deleted: C:\WINDOWS\system32\clyptdll.dll
deleting: C:\WINDOWS\system32\dcsetup.dll
Successfully Deleted: C:\WINDOWS\system32\dcsetup.dll
deleting: C:\WINDOWS\system32\dcsetup.dll
Successfully Deleted: C:\WINDOWS\system32\dcsetup.dll
deleting: C:\WINDOWS\system32\dpdmoprp.dll
Successfully Deleted: C:\WINDOWS\system32\dpdmoprp.dll
deleting: C:\WINDOWS\system32\dpdmoprp.dll
Successfully Deleted: C:\WINDOWS\system32\dpdmoprp.dll
deleting: C:\WINDOWS\system32\dwnhupnp.dll
Successfully Deleted: C:\WINDOWS\system32\dwnhupnp.dll
deleting: C:\WINDOWS\system32\dwnhupnp.dll
Successfully Deleted: C:\WINDOWS\system32\dwnhupnp.dll
deleting: C:\WINDOWS\system32\eacapi.dll
Successfully Deleted: C:\WINDOWS\system32\eacapi.dll
deleting: C:\WINDOWS\system32\eacapi.dll
Successfully Deleted: C:\WINDOWS\system32\eacapi.dll
deleting: C:\WINDOWS\system32\hqcoin.dll
Successfully Deleted: C:\WINDOWS\system32\hqcoin.dll
deleting: C:\WINDOWS\system32\hqcoin.dll
Successfully Deleted: C:\WINDOWS\system32\hqcoin.dll
deleting: C:\WINDOWS\system32\ihxsap.dll
Successfully Deleted: C:\WINDOWS\system32\ihxsap.dll
deleting: C:\WINDOWS\system32\ihxsap.dll
Successfully Deleted: C:\WINDOWS\system32\ihxsap.dll
deleting: C:\WINDOWS\system32\ilmontr.dll
Successfully Deleted: C:\WINDOWS\system32\ilmontr.dll
deleting: C:\WINDOWS\system32\ilmontr.dll
Successfully Deleted: C:\WINDOWS\system32\ilmontr.dll
deleting: C:\WINDOWS\system32\mg3216.dll
Successfully Deleted: C:\WINDOWS\system32\mg3216.dll
deleting: C:\WINDOWS\system32\mg3216.dll
Successfully Deleted: C:\WINDOWS\system32\mg3216.dll
deleting: C:\WINDOWS\system32\mnrapi.dll
Successfully Deleted: C:\WINDOWS\system32\mnrapi.dll
deleting: C:\WINDOWS\system32\mnrapi.dll
Successfully Deleted: C:\WINDOWS\system32\mnrapi.dll
deleting: C:\WINDOWS\system32\mxcpxl32.dLL
Successfully Deleted: C:\WINDOWS\system32\mxcpxl32.dLL
deleting: C:\WINDOWS\system32\mxcpxl32.dLL
Successfully Deleted: C:\WINDOWS\system32\mxcpxl32.dLL
deleting: C:\WINDOWS\system32\nrxpnt.dll
Successfully Deleted: C:\WINDOWS\system32\nrxpnt.dll
deleting: C:\WINDOWS\system32\nrxpnt.dll
Successfully Deleted: C:\WINDOWS\system32\nrxpnt.dll
deleting: C:\WINDOWS\system32\parfnet.dll
Successfully Deleted: C:\WINDOWS\system32\parfnet.dll
deleting: C:\WINDOWS\system32\parfnet.dll
Successfully Deleted: C:\WINDOWS\system32\parfnet.dll
deleting: C:\WINDOWS\system32\rDsadhlp.dll
Successfully Deleted: C:\WINDOWS\system32\rDsadhlp.dll
deleting: C:\WINDOWS\system32\rDsadhlp.dll
Successfully Deleted: C:\WINDOWS\system32\rDsadhlp.dll
deleting: C:\WINDOWS\system32\rPcpldlg.dll
Successfully Deleted: C:\WINDOWS\system32\rPcpldlg.dll
deleting: C:\WINDOWS\system32\rPcpldlg.dll
Successfully Deleted: C:\WINDOWS\system32\rPcpldlg.dll
deleting: C:\WINDOWS\system32\rpipxmib.dll
Successfully Deleted: C:\WINDOWS\system32\rpipxmib.dll
deleting: C:\WINDOWS\system32\rpipxmib.dll
Successfully Deleted: C:\WINDOWS\system32\rpipxmib.dll
deleting: C:\WINDOWS\system32\wpaservc.dll
Successfully Deleted: C:\WINDOWS\system32\wpaservc.dll
deleting: C:\WINDOWS\system32\wpaservc.dll
Successfully Deleted: C:\WINDOWS\system32\wpaservc.dll
deleting: C:\WINDOWS\system32\xvsp1res.dll
Successfully Deleted: C:\WINDOWS\system32\xvsp1res.dll
deleting: C:\WINDOWS\system32\xvsp1res.dll
Successfully Deleted: C:\WINDOWS\system32\xvsp1res.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: aglui.dll (188 bytes security) (deflated 48%)
adding: baowselc.dll (188 bytes security) (deflated 48%)
adding: clyptdll.dll (188 bytes security) (deflated 48%)
adding: dcsetup.dll (188 bytes security) (deflated 48%)
adding: dpdmoprp.dll (188 bytes security) (deflated 48%)
adding: dwnhupnp.dll (188 bytes security) (deflated 48%)
adding: eacapi.dll (188 bytes security) (deflated 48%)
adding: hqcoin.dll (188 bytes security) (deflated 48%)
adding: ihxsap.dll (188 bytes security) (deflated 48%)
adding: ilmontr.dll (188 bytes security) (deflated 48%)
adding: mg3216.dll (188 bytes security) (deflated 48%)
adding: mnrapi.dll (188 bytes security) (deflated 48%)
adding: mxcpxl32.dLL (188 bytes security) (deflated 48%)
adding: nrxpnt.dll (188 bytes security) (deflated 48%)
adding: parfnet.dll (188 bytes security) (deflated 48%)
adding: rDsadhlp.dll (188 bytes security) (deflated 48%)
adding: rPcpldlg.dll (188 bytes security) (deflated 48%)
adding: rpipxmib.dll (188 bytes security) (deflated 48%)
adding: wpaservc.dll (188 bytes security) (deflated 48%)
adding: xvsp1res.dll (188 bytes security) (deflated 48%)
adding: guard.tmp (188 bytes security) (deflated 48%)
adding: clear.reg (188 bytes security) (deflated 2%)
adding: lo2.txt (188 bytes security) (deflated 91%)
adding: log.txt (188 bytes security) (stored 0%)
adding: regdump.arm9.txt (188 bytes security) (stored 0%)
adding: test.txt (188 bytes security) (deflated 89%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)
adding: xfind.txt (188 bytes security) (deflated 86%)

Restoring Registry Permissions:

hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:34:42 PM, on 9/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\matthew gili\My Documents\hjthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\Norton AntiVirus\navapw32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKCU\..\Run: [Spanish] C:\Program Files\Learn To Speak Japanese Demo V2.8\Study Conversation.exe
O4 - HKCU\..\Run: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#8
tampabelle
Posted 26 September 2005 - 09:36 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts

i was getting some errors during the scan abouth some zip i think

View Post



Can you be a bit more specific ??

Did the error pop-up while the l2mfix was running or while you were scanning with Hijack This ???


Also can you post the complete l2mfix log?? You will find it in the l2mfix folder.

Edited by tampabelle, 26 September 2005 - 09:39 AM.

  • 0

#9
iamthanoob
Posted 26 September 2005 - 10:29 AM

iamthanoob

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
umm the error were during the scan made by lm2fix it did not popup as files were beign scanned and deleted a couple of times it showed it said it couldint find some zip as for the log here it is

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hqcoin.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CC70EA8F-6E81-B6BE-A7F5-D1DE2233203F}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{780BCB64-0CAF-473c-A9FC-E08C03D75515}"="Matroska Shell Extension, Properties Page CLSID"
"{78DC191E-EFC1-4532-9A71-224577A86A7D}"="Matroska Shell Extension, Thumbnail Handler CLSID"
"{794D04CA-70AC-4020-80EB-FFD59DEF8027}"="Matroska Shell Extension, Tooltip Provider CLSID"
"{789111D8-68A3-46a3-9663-145A3FF4C9C9}"="Matroska Shell Extension, ContextMenu CLSID"
"{781395AF-A127-469f-A06F-59B482AF4F3F}"="Matroska Shell Extension, Column Provider CLSID"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{3F1807BE-BEFA-4299-A403-D02A1157FA78}"=""
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{00000000-5736-4205-0100-781cd0e19f00}"="Steganos Internet Anonym Pro 7"
"{16F816F8-3477-4ADB-852B-64172EC7F341}"=""
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3F1807BE-BEFA-4299-A403-D02A1157FA78}\InprocServer32]
@="C:\\WINDOWS\\system32\\ilmontr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{16F816F8-3477-4ADB-852B-64172EC7F341}\InprocServer32]
@="C:\\WINDOWS\\system32\\mg3216.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aglui.dll Thu Jul 21 2005 11:38:50p ..S.R 417,792 408.00 K
baowselc.dll Thu Jul 21 2005 10:57:20p ..S.R 417,792 408.00 K
clyptdll.dll Mon Sep 5 2005 10:40:04a ..S.R 417,792 408.00 K
dcsetup.dll Thu Jul 21 2005 11:32:44p ..S.R 417,792 408.00 K
dpdmoprp.dll Thu Jul 21 2005 10:45:04p ..S.R 417,792 408.00 K
dwnhupnp.dll Thu Jul 21 2005 10:51:14p ..S.R 417,792 408.00 K
eacapi.dll Tue Aug 9 2005 11:20:48a ..S.R 417,792 408.00 K
frapsvid.dll Mon Aug 15 2005 3:15:20p A.... 36,864 36.00 K
hqcoin.dll Fri Sep 16 2005 9:01:48a ..S.R 417,792 408.00 K
ihxsap.dll Thu Jul 21 2005 10:45:08p ..S.R 417,792 408.00 K
ilmontr.dll Mon Sep 26 2005 11:01:46a ..S.R 417,792 408.00 K
mg3216.dll Thu Jul 21 2005 11:49:58p ..S.R 417,792 408.00 K
mnrapi.dll Sun Sep 4 2005 5:11:08p ..S.R 417,792 408.00 K
mxcpxl32.dll Fri Jul 22 2005 11:54:42a ..S.R 417,792 408.00 K
nrxpnt.dll Sat Aug 6 2005 7:44:56p ..S.R 417,792 408.00 K
nv4_disp.dll Wed Jul 20 2005 9:07:00p A.... 3,908,864 3.73 M
nvcod.dll Wed Jul 20 2005 9:07:00p A.... 32,768 32.00 K
nvcodins.dll Wed Jul 20 2005 9:07:00p A.... 32,768 32.00 K
nvcpl.dll Wed Jul 20 2005 9:07:00p A.... 7,110,656 6.78 M
nvhwvid.dll Wed Jul 20 2005 9:07:00p A.... 540,672 528.00 K
nview.dll Wed Jul 20 2005 9:07:00p A.... 1,466,368 1.40 M
nvmctray.dll Wed Jul 20 2005 9:07:00p A.... 86,016 84.00 K
nvnt4cpl.dll Wed Jul 20 2005 9:07:00p A.... 286,720 280.00 K
nvoglnt.dll Wed Jul 20 2005 9:07:00p A.... 5,140,480 4.90 M
nvshell.dll Wed Jul 20 2005 9:07:00p A.... 466,944 456.00 K
nvwddi.dll Wed Jul 20 2005 9:07:00p A.... 81,920 80.00 K
nvwdmcpl.dll Wed Jul 20 2005 9:07:00p A.... 1,662,976 1.59 M
nvwimg.dll Wed Jul 20 2005 9:07:00p A.... 1,019,904 996.00 K
parfnet.dll Sat Sep 17 2005 10:37:16a ..S.R 417,792 408.00 K
pncrt.dll Sat Jul 2 2005 8:14:54p A.... 278,528 272.00 K
pndx5016.dll Sat Jul 2 2005 8:14:56p A.... 6,656 6.50 K
pndx5032.dll Sat Jul 2 2005 8:14:56p A.... 5,632 5.50 K
rdsadhlp.dll Tue Aug 9 2005 11:10:16a ..S.R 417,792 408.00 K
rmoc3260.dll Sat Jul 2 2005 8:15:06p A.... 176,167 172.04 K
rpcpldlg.dll Thu Jul 21 2005 11:45:02p ..... 417,792 408.00 K
rpipxmib.dll Tue Aug 9 2005 11:24:36a ..S.R 417,792 408.00 K
sirenacm.dll Sat Aug 13 2005 2:41:12p A.... 118,784 116.00 K
wpaservc.dll Thu Jul 21 2005 11:03:26p ..S.R 417,792 408.00 K
xvsp1res.dll Sun Sep 25 2005 11:26:40a ..S.R 417,792 408.00 K

39 items found: 39 files (19 H/S), 0 directories.
Total of file sizes: 30,815,527 bytes 29.39 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sun Sep 25 2005 10:12:52p ..S.R 417,792 408.00 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 4CDD-72F5

Directory of C:\WINDOWS\System32

09/26/2005 11:01 AM 417,792 ilmontr.dll
09/25/2005 10:12 PM 417,792 guard.tmp
09/25/2005 02:45 PM <DIR> dllcache
09/25/2005 11:26 AM 417,792 xvsp1res.dll
09/17/2005 10:37 AM 417,792 parfnet.dll
09/16/2005 09:01 AM 417,792 hqcoin.dll
09/05/2005 10:40 AM 417,792 clyptdll.dll
09/04/2005 05:11 PM 417,792 mnrapi.dll
08/09/2005 11:24 AM 417,792 rpipxmib.dll
08/09/2005 11:20 AM 417,792 eacapi.dll
08/09/2005 11:10 AM 417,792 rDsadhlp.dll
08/06/2005 07:44 PM 417,792 nrxpnt.dll
07/22/2005 11:54 AM 417,792 mxcpxl32.dLL
07/21/2005 11:49 PM 417,792 mg3216.dll
07/21/2005 11:38 PM 417,792 aglui.dll
07/21/2005 11:32 PM 417,792 dcsetup.dll
07/21/2005 11:03 PM 417,792 wpaservc.dll
07/21/2005 10:57 PM 417,792 baowselc.dll
07/21/2005 10:51 PM 417,792 dwnhupnp.dll
07/21/2005 10:45 PM 417,792 ihxsap.dll
07/21/2005 10:45 PM 417,792 dpdmoprp.dll
05/29/2005 04:37 PM 56 AC8FFDFC37.sys
05/13/2005 03:59 PM <DIR> Microsoft
21 File(s) 8,355,896 bytes
2 Dir(s) 4,036,313,088 bytes free
  • 0

#10
tampabelle
Posted 26 September 2005 - 11:16 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Chances are that the file was corrupted.

Please delete l2mfix.exe and the l2mfolder.

Re-download l2mfix.exe from here -


http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP