...yyy53.html popups, popunders, and flash popups [RESOLVED]

#16
fwchoi

    Member

  • Topic Starter
  • 43 posts
Nope, still can't finish the scan. I also tried to disable some of the shield options in hopes that it would complete. Since it did not complete, I was unable to clean what it did find. Oddly enough, the program was working fine beforehand.

FYI: This is the Spy Sweeper log if it is of any use to you. I am going to uninstall and reinstall the program.


#17
fwchoi

********
1:13 PM: | Start of Session, Sunday, October 30, 2005 |
1:13 PM: Spy Sweeper started
1:13 PM: Sweep initiated using definitions version 564
1:13 PM: Starting Memory Sweep
1:13 PM: Found Adware: icannnews
1:13 PM: Detected running threat: C:\WINDOWS\system32\n4p40e7qeh.dll (ID = 83)
1:14 PM: Detected running threat: C:\WINDOWS\system32\mbxml.dll (ID = 83)
1:15 PM: Memory Sweep Complete, Elapsed Time: 00:02:13
1:15 PM: Starting Registry Sweep
1:16 PM: Registry Sweep Complete, Elapsed Time:00:00:40
1:16 PM: Starting Cookie Sweep
1:16 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:16 PM: Starting File Sweep
1:21 PM: Found Adware: ist yoursitebar
1:21 PM: ysbactivex.dll (ID = 179096)
1:24 PM: Found Adware: apropos
1:24 PM: wingenerics.dll (ID = 50187)
1:28 PM: Found System Monitor: potentially rootkit-masked files
1:48 PM: Sweep Canceled
********
1:13 PM: | Start of Session, Sunday, October 30, 2005 |
1:13 PM: Spy Sweeper started
1:13 PM: | End of Session, Sunday, October 30, 2005 |

#18
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's see a couple different things here please,

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.


Could you also check Ewido for updates please,
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Post the report.txt here as well please

#19
fwchoi

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Err\Desktop\aproposfix\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CpXU2AF2Zj95]
@="lZniC7IJJIJJKJuu mlnRuIJJIYLJsejZksoJAGAB 4POJz90D 9AJ\\374CA0yKAGA"
"Device"="\\\\.\\YYeQPR5Y"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\flpmusic.sys"
"DriverName"="PDRMup"
"HideUninstallerName"="C:\\Program Files\\Winxvid\\jgakperf.exe"
"HDll"="C:\\WINDOWS\\system32\\strshisn.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.LAV"
"InstallationId"="{X6b64fbe-f8bc-05f8-ab9b-4f7f47ec8866}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Winxvid\\sqlhed32.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\inkifier.exe"
"Version"="2.0.106"
"LastAURestoreMsgTS"="2005:10:30-16:32:14:083"

************

Removing hidden service:
Service PDRMup removed.

Removing hidden folder:
Deletion of folder Winxvid succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\flpmusic.sys succeeded!
Deletion of file C:\WINDOWS\system32\inkifier.exe succeeded!
Deletion of file C:\WINDOWS\system32\strshisn.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CpXU2AF2Zj95]
[-HKEY_LOCAL_MACHINE\Software\CpXU2AF2Zj95]

Done!

Finished!






---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:49:52 PM, 10/30/2005
+ Report-Checksum: 5875A2BF

+ Scan result:

[1208] C:\WINDOWS\system32\osexl32.dll -> Spyware.Look2Me : Error during cleaning
[1500] C:\WINDOWS\system32\osexl32.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Err\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPY7KDA3\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\system32\dtus11.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hrjq0515e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l4p20e7oeh.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lvlo0933e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mjutil.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pFutoenr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\err@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End

#20
fwchoi

Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.cityguide.com
O15 - Trusted Zone: http://actsvr.concastonline.com
O15 - Trusted Zone: *.latimes.com
O15 - Trusted Zone: *.sacbee.com
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\k044lahq1d4e.dll
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\p6p6lg7s16.dll (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\q0860alsedq60.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#21
don77

OK, that took care of a couple things for us.
Could you give Spy Sweeper another run please and see if it will finish scanning? Post the log from it please.
Also, could you run L2Mfix again, run option 1 please, after you run Spy Sweeper.

#22
fwchoi

********
7:42 PM: | Start of Session, Monday, October 31, 2005 |
7:42 PM: Spy Sweeper started
7:42 PM: Sweep initiated using definitions version 564
7:42 PM: Found Adware: look2me
7:42 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\ms-dos emulation\ || dllname (ID = 129984)
7:42 PM: lv8009lme.dll (ID = 129984)
7:42 PM: Starting Memory Sweep
7:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: Found Adware: icannnews
7:42 PM: Detected running threat: C:\WINDOWS\system32\lv8009lme.dll (ID = 83)
7:43 PM: Detected running threat: C:\WINDOWS\system32\mhxml3r.dll (ID = 83)
7:44 PM: Memory Sweep Complete, Elapsed Time: 00:02:18
7:44 PM: Starting Registry Sweep
7:44 PM: Starting Cookie Sweep
7:44 PM: Registry Sweep Complete, Elapsed Time:00:00:00
7:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
7:44 PM: Starting File Sweep
7:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:51 PM: Found Adware: ist yoursitebar
7:51 PM: ysbactivex.dll (ID = 179096)
8:03 PM: File Sweep Complete, Elapsed Time: 00:19:02
8:03 PM: Full Sweep has completed. Elapsed time 00:21:33
8:03 PM: Traces Found: 5
8:35 PM: Removal process initiated
8:36 PM: Quarantining All Traces: look2me
8:36 PM: look2me is in use. It will be removed on reboot.
8:36 PM: lv8009lme.dll is in use. It will be removed on reboot.
8:36 PM: Quarantining All Traces: icannnews
8:36 PM: icannnews is in use. It will be removed on reboot.
8:36 PM: C:\WINDOWS\system32\lv8009lme.dll is in use. It will be removed on reboot.
8:36 PM: C:\WINDOWS\system32\mhxml3r.dll is in use. It will be removed on reboot.
8:36 PM: Quarantining All Traces: ist yoursitebar
8:36 PM: Warning: Launched explorer.exe
8:36 PM: Warning: Quarantine process could not restart Explorer.
8:36 PM: Removal process completed. Elapsed time 00:01:01
********

#23
fwchoi

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\p6p6lg7s16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m6rmlg9116.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A34105E4-2984-F1C5-F525-9734587DD9EB}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}"="The Core Media Player Shell Extension"
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}"="My Media"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2FE555F9-7517-4247-8FDF-64DF350CE26B}"=""
"{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}"=""
"{49620613-53C3-4E75-91A2-881F5D0CB9CD}"=""
"{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}"=""
"{EBB226E0-F810-40F3-B2EF-B341E92B5BE1}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{11E0E161-CB51-44E6-AB43-4D0763712113}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}\InprocServer32]
@="C:\\WINDOWS\\system32\\kkdfi1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqjetoledb40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtus11.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfprop.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Fri Sep 2 2005 3:52:04p A.... 1,019,904 996.00 K
cdfview.dll Fri Sep 2 2005 3:52:04p A.... 151,040 147.50 K
cdosys.dll Fri Sep 9 2005 5:53:42p A.... 2,067,968 1.97 M
cmdlin~1.dll Sun Oct 23 2005 9:03:52a A.... 43,520 42.50 K
danim.dll Fri Sep 2 2005 3:52:04p A.... 1,053,696 1.00 M
dfprop.dll Mon Oct 31 2005 8:39:08p ..S.R 236,410 230.87 K
dxtrans.dll Fri Sep 2 2005 3:52:04p A.... 205,312 200.50 K
extmgr.dll Fri Sep 2 2005 3:52:04p ..... 55,808 54.50 K
iepeers.dll Fri Sep 2 2005 3:52:04p A.... 251,392 245.50 K
inseng.dll Fri Sep 2 2005 3:52:04p A.... 96,256 94.00 K
islzma.dll Fri Oct 21 2005 3:50:14p A.... 102,912 100.50 K
linkinfo.dll Wed Aug 31 2005 5:41:54p A.... 19,968 19.50 K
m6rmlg~1.dll Mon Oct 31 2005 4:40:42p ..S.R 236,410 230.87 K
mshtml.dll Tue Oct 4 2005 4:26:00p A.... 3,015,168 2.88 M
mshtmled.dll Fri Sep 2 2005 3:52:06p A.... 448,512 438.00 K
msrating.dll Fri Sep 2 2005 3:52:06p A.... 146,432 143.00 K
mstime.dll Fri Sep 2 2005 3:52:06p A.... 530,432 518.00 K
netman.dll Mon Aug 22 2005 10:29:46a A.... 197,632 193.00 K
nwwks.dll Thu Aug 11 2005 7:10:00a A.... 65,024 63.50 K
o6rolg~1.dll Mon Oct 31 2005 8:39:08p ..S.R 233,946 228.46 K
pngfilt.dll Fri Sep 2 2005 3:52:06p A.... 39,424 38.50 K
quartz.dll Mon Aug 29 2005 7:54:26p A.... 1,287,168 1.23 M
shdocvw.dll Fri Sep 2 2005 3:52:06p A.... 1,483,776 1.41 M
shell32.dll Thu Sep 22 2005 7:05:30p A.... 8,450,560 8.06 M
shlwapi.dll Fri Sep 2 2005 3:52:06p A.... 473,600 462.50 K
umpnpmgr.dll Mon Aug 22 2005 7:35:42p A.... 123,392 120.50 K
urlmon.dll Fri Sep 2 2005 3:52:06p A.... 608,768 594.50 K
wininet.dll Fri Sep 2 2005 3:52:06p A.... 658,432 643.00 K
winsrv.dll Wed Aug 31 2005 5:41:54p A.... 291,840 285.00 K
wrlogo~1.dll Thu Oct 27 2005 4:41:02p A.... 492,544 481.00 K
wrlzma.dll Thu Oct 27 2005 4:40:58p A.... 17,920 17.50 K

31 items found: 31 files (3 H/S), 0 directories.
Total of file sizes: 24,105,166 bytes 22.99 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2024-541A

Directory of C:\WINDOWS\System32

10/31/2005 08:39 PM 236,410 dfprop.dll
10/31/2005 08:39 PM 233,946 o6rolg9316.dll
10/31/2005 04:40 PM 236,410 m6rmlg9116.dll
10/12/2005 02:02 AM <DIR> dllcache
10/24/2004 12:55 PM 56 ED1A7A6DC5.sys
10/23/2004 06:08 PM <DIR> Microsoft
4 File(s) 706,822 bytes
2 Dir(s) 2,859,986,944 bytes free

#24
fwchoi

FYI, I am still getting the a-d-w-a-r-e.com site popups, which Spy Sweeper is blocking via its shield.

#25
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK, let's give this another run.
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!


#26
fwchoi

Still no log on reboot. Suggestions?

#27
fwchoi

I am posting the log generated by the fix, although it did not pop up after reboot. I opened this out of the l2mfix folder on desktop and it was titled "lo2". Don't know if it will help but it will save me time if this is what you need to see.


L2Mfix 1.04a

Running From:
C:\Documents and Settings\Err\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

#28
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Grrr OK,
Please post back a fresh HJT log and option 1 from L2M. Looks like we are going to have to do a manual kill.

#29
fwchoi

Logfile of HijackThis v1.99.1
Scan saved at 7:06:34 AM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.cityguide.com
O15 - Trusted Zone: http://actsvr.concastonline.com
O15 - Trusted Zone: *.latimes.com
O15 - Trusted Zone: *.sacbee.com
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\p6p6lg7s16.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\irlml5311.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#30
fwchoi

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\p6p6lg7s16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\irlml5311.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A34105E4-2984-F1C5-F525-9734587DD9EB}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}"="The Core Media Player Shell Extension"
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}"="My Media"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2FE555F9-7517-4247-8FDF-64DF350CE26B}"=""
"{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}"=""
"{49620613-53C3-4E75-91A2-881F5D0CB9CD}"=""
"{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}"=""
"{EBB226E0-F810-40F3-B2EF-B341E92B5BE1}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{11E0E161-CB51-44E6-AB43-4D0763712113}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2FE555F9-7517-4247-8FDF-64DF350CE26B}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D820BEE7-9EA7-4773-8EC2-8D7B30A86D94}\InprocServer32]
@="C:\\WINDOWS\\system32\\kkdfi1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49620613-53C3-4E75-91A2-881F5D0CB9CD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqjetoledb40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2796ACE-EE5A-4811-9F47-F7BB8D8D7D43}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtus11.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{11E0E161-CB51-44E6-AB43-4D0763712113}\InprocServer32]
@="C:\\WINDOWS\\system32\\nkcpl.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Fri Sep 2 2005 3:52:04p A.... 1,019,904 996.00 K
cdfview.dll Fri Sep 2 2005 3:52:04p A.... 151,040 147.50 K
cdosys.dll Fri Sep 9 2005 5:53:42p A.... 2,067,968 1.97 M
cmdlin~1.dll Sun Oct 23 2005 9:03:52a A.... 43,520 42.50 K
danim.dll Fri Sep 2 2005 3:52:04p A.... 1,053,696 1.00 M
dxtrans.dll Fri Sep 2 2005 3:52:04p A.... 205,312 200.50 K
extmgr.dll Fri Sep 2 2005 3:52:04p ..... 55,808 54.50 K
iepeers.dll Fri Sep 2 2005 3:52:04p A.... 251,392 245.50 K
inseng.dll Fri Sep 2 2005 3:52:04p A.... 96,256 94.00 K
irlml5~1.dll Mon Oct 31 2005 9:42:52p ..S.R 235,081 229.57 K
islzma.dll Fri Oct 21 2005 3:50:14p A.... 102,912 100.50 K
l62slg~1.dll Mon Oct 31 2005 9:48:44p ..S.R 236,807 231.25 K
linkinfo.dll Wed Aug 31 2005 5:41:54p A.... 19,968 19.50 K
mshtml.dll Tue Oct 4 2005 4:26:00p A.... 3,015,168 2.88 M
mshtmled.dll Fri Sep 2 2005 3:52:06p A.... 448,512 438.00 K
msrating.dll Fri Sep 2 2005 3:52:06p A.... 146,432 143.00 K
mstime.dll Fri Sep 2 2005 3:52:06p A.... 530,432 518.00 K
netman.dll Mon Aug 22 2005 10:29:46a A.... 197,632 193.00 K
nkcpl.dll Mon Oct 31 2005 9:48:44p ..S.R 235,081 229.57 K
nwwks.dll Thu Aug 11 2005 7:10:00a A.... 65,024 63.50 K
pngfilt.dll Fri Sep 2 2005 3:52:06p A.... 39,424 38.50 K
quartz.dll Mon Aug 29 2005 7:54:26p A.... 1,287,168 1.23 M
shdocvw.dll Fri Sep 2 2005 3:52:06p A.... 1,483,776 1.41 M
shell32.dll Thu Sep 22 2005 7:05:30p A.... 8,450,560 8.06 M
shlwapi.dll Fri Sep 2 2005 3:52:06p A.... 473,600 462.50 K
umpnpmgr.dll Mon Aug 22 2005 7:35:42p A.... 123,392 120.50 K
urlmon.dll Fri Sep 2 2005 3:52:06p A.... 608,768 594.50 K
wininet.dll Fri Sep 2 2005 3:52:06p A.... 658,432 643.00 K
winsrv.dll Wed Aug 31 2005 5:41:54p A.... 291,840 285.00 K
wrlogo~1.dll Thu Oct 27 2005 4:41:02p A.... 492,544 481.00 K
wrlzma.dll Thu Oct 27 2005 4:40:58p A.... 17,920 17.50 K

31 items found: 31 files (3 H/S), 0 directories.
Total of file sizes: 24,105,369 bytes 22.99 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2024-541A

Directory of C:\WINDOWS\System32

10/31/2005 09:48 PM 235,081 nkcpl.dll
10/31/2005 09:48 PM 236,807 l62slgf7162.dll
10/31/2005 09:42 PM 235,081 irlml5311.dll
10/12/2005 02:02 AM <DIR> dllcache
10/24/2004 12:55 PM 56 ED1A7A6DC5.sys
10/23/2004 06:08 PM <DIR> Microsoft
4 File(s) 707,025 bytes
2 Dir(s) 2,827,100,160 bytes free