HijackThis Log: Please help Diagnose


23 replies to this topic

#1 jaye31987


Posted 08 September 2005 - 04:53 PM

I'd like to thank in advance anybody that's willing to help me, thank you so much. Hopefully somebody will. I'm having pop-ups like crazy; here's my log file.



Logfile of HijackThis v1.99.1
Scan saved at 5:39:11 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RAMSYS.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\SETUPWBV.exe
C:\Program Files\Iqeqj\Bunezk.exe
C:\WINDOWS\system32\iewfft\waev.exe
C:\WINDOWS\exe82.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\Program Files\ptrr\lrst.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=ramsys.exe
O2 - BHO: SDWin32 Class - {393DE655-F003-412D-85F7-5E5E7B0CE290} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msst] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [cac4ee6ee004] C:\WINDOWS\system32\SETUPWBV.exe
O4 - HKLM\..\Run: [Kavren] C:\Program Files\Iqeqj\Bunezk.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\system32\newexp
O4 - HKLM\..\Run: [dsjmyymx] C:\WINDOWS\system32\brda\dsjmyymx.exe
O4 - HKLM\..\Run: [gkfnus] C:\WINDOWS\system32\mfpvkqm\gkfnus.exe
O4 - HKLM\..\Run: [ejosx] C:\WINDOWS\system32\qtnwi\ejosx.exe
O4 - HKLM\..\Run: [xgjhk] C:\WINDOWS\system32\sqvkjff\xgjhk.exe
O4 - HKLM\..\Run: [viyf] C:\WINDOWS\system32\jlngnsat\viyf.exe
O4 - HKLM\..\Run: [cghgylo] C:\WINDOWS\system32\emqe\cghgylo.exe
O4 - HKLM\..\Run: [acgiy] C:\WINDOWS\system32\mqwg\acgiy.exe
O4 - HKLM\..\Run: [waev] C:\WINDOWS\system32\iewfft\waev.exe
O4 - HKLM\..\Run: [g$p$] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sxsp4d.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - HKCU\..\Run: [Cmrt] C:\Program Files\ptrr\lrst.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120191561203
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\sasinv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SPM License Server (spmd) - mental images GmbH & Co. KG - C:\WINDOWS\System32\spm\spmd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


#2 miekiemoes

  • Malware Response Team

Posted 08 September 2005 - 06:20 PM

Hello,

This is a badly infected system, so we can't do this all at once.
Also, I see you don't have an antivirus installed. You really need one though and I'm pretty sure the antivirus could fix more than half of the problems here.

Because it is so badly infected, I suggest installing Kaspersky.
Download it from here: http://www.kaspersky.com/trials?chapter=146481750
This is a trial version for 30 days. I'll give some tips afterwards what to do when the trial is expired.
Run the installer and reboot after installing.

After reboot, open Kaspersky and check Updates and download the updates.
Then perform a full scan.

When the scan is finished (this can take a while), reboot once again.

Download the latest version of Ad-Aware:
http://www.lavasoft.de/support/download/

After installing AAW, and before running the program, please be sure to update the reference file following the instructions here:
http://www.lavahelp.net/howto/updref/

Reconfigure Ad-Aware for Full Scan:

Launch the program, and click on the Gear at the top of the start screen.

Click the 'Scanning' button.
Under Drives, Folders and Files, select 'Scan within Archives'.
Click 'Click here to select Drives + folders' and select your installed hard drives.

Under Memory & Registry, select all options.
Click the 'Advanced' button.
Under 'Log-file detail level', select all options.
Click the 'Tweaks' button.

Under 'Scanning Engine', select the following:
'Unload recognized processes during scanning.'
Under 'Cleaning Engine', select the following:
'Let Windows remove files in use after reboot.'
Click on 'Proceed' to save these Preferences.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT to allow it to finish.

Post a new HijackThis log, so we can work further from there. :thumbsup:

I can't stress enough how important it is to follow the above steps!!

#3 jaye31987


Posted 08 September 2005 - 10:13 PM

Thank you so much, it really means a lot to me that you're helping :thumbsup: , this is my new log

Logfile of HijackThis v1.99.1
Scan saved at 10:52:50 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\SETUPWBV.exe
C:\WINDOWS\exe82.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ptrr\lrst.exe
C:\WINDOWS\system32\??crosoft.NET\scanregw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=ramsys.exe
O2 - BHO: SDWin32 Class - {393DE655-F003-412D-85F7-5E5E7B0CE290} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msst] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [cac4ee6ee004] C:\WINDOWS\system32\SETUPWBV.exe
O4 - HKLM\..\Run: [Kavren] C:\Program Files\Iqeqj\Bunezk.exe
O4 - HKLM\..\Run: [dsjmyymx] C:\WINDOWS\system32\brda\dsjmyymx.exe
O4 - HKLM\..\Run: [gkfnus] C:\WINDOWS\system32\mfpvkqm\gkfnus.exe
O4 - HKLM\..\Run: [ejosx] C:\WINDOWS\system32\qtnwi\ejosx.exe
O4 - HKLM\..\Run: [xgjhk] C:\WINDOWS\system32\sqvkjff\xgjhk.exe
O4 - HKLM\..\Run: [viyf] C:\WINDOWS\system32\jlngnsat\viyf.exe
O4 - HKLM\..\Run: [cghgylo] C:\WINDOWS\system32\emqe\cghgylo.exe
O4 - HKLM\..\Run: [acgiy] C:\WINDOWS\system32\mqwg\acgiy.exe
O4 - HKLM\..\Run: [waev] C:\WINDOWS\system32\iewfft\waev.exe
O4 - HKLM\..\Run: [g$p$] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sxsp4d.exe reg_run
O4 - HKLM\..\Run: [gkaxvpmg] C:\WINDOWS\system32\waeecwfq\gkaxvpmg.exe
O4 - HKLM\..\Run: [tpdywtwv] C:\WINDOWS\system32\slig\tpdywtwv.exe
O4 - HKLM\..\Run: [ppdw] C:\WINDOWS\system32\xikd\ppdw.exe
O4 - HKLM\..\Run: [cttekotb] C:\WINDOWS\system32\awwteetf\cttekotb.exe
O4 - HKLM\..\Run: [myhsk] C:\WINDOWS\system32\qawx\myhsk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - HKCU\..\Run: [Cmrt] C:\Program Files\ptrr\lrst.exe
O4 - HKCU\..\Run: [Roeltrlv] C:\WINDOWS\system32\??crosoft.NET\scanregw.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120191561203
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Time Zones - C:\WINDOWS\system32\sasinv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SPM License Server (spmd) - mental images GmbH & Co. KG - C:\WINDOWS\System32\spm\spmd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#4 miekiemoes


Posted 09 September 2005 - 04:36 AM

Hello, you are also dealing with two other nasty infections, but we'll deal with that later.. Let's clean up most first.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

We also need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

When you enable Microsoft AntiSpyware again when everything is done and I tell you your log is clean (not before), it will give some alerts. Please don't block it, because those are the changes you made yourself.

* Download and install CCleaner
Do not use it yet.

* Please set your system to show all files; please see here if you're unsure how to do this.

* Please download ewido:
http://www.ewido.net/en/download/
Let it update, but don't let it scan yet!!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=ramsys.exe
O2 - BHO: SDWin32 Class - {393DE655-F003-412D-85F7-5E5E7B0CE290} - (no file)
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [msst] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe
O4 - HKLM\..\Run: [cac4ee6ee004] C:\WINDOWS\system32\SETUPWBV.exe
O4 - HKLM\..\Run: [Kavren] C:\Program Files\Iqeqj\Bunezk.exe
O4 - HKLM\..\Run: [dsjmyymx] C:\WINDOWS\system32\brda\dsjmyymx.exe
O4 - HKLM\..\Run: [gkfnus] C:\WINDOWS\system32\mfpvkqm\gkfnus.exe
O4 - HKLM\..\Run: [ejosx] C:\WINDOWS\system32\qtnwi\ejosx.exe
O4 - HKLM\..\Run: [xgjhk] C:\WINDOWS\system32\sqvkjff\xgjhk.exe
O4 - HKLM\..\Run: [viyf] C:\WINDOWS\system32\jlngnsat\viyf.exe
O4 - HKLM\..\Run: [cghgylo] C:\WINDOWS\system32\emqe\cghgylo.exe
O4 - HKLM\..\Run: [acgiy] C:\WINDOWS\system32\mqwg\acgiy.exe
O4 - HKLM\..\Run: [waev] C:\WINDOWS\system32\iewfft\waev.exe
O4 - HKLM\..\Run: [g$p$] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sxsp4d.exe reg_run
O4 - HKLM\..\Run: [gkaxvpmg] C:\WINDOWS\system32\waeecwfq\gkaxvpmg.exe
O4 - HKLM\..\Run: [tpdywtwv] C:\WINDOWS\system32\slig\tpdywtwv.exe
O4 - HKLM\..\Run: [ppdw] C:\WINDOWS\system32\xikd\ppdw.exe
O4 - HKLM\..\Run: [cttekotb] C:\WINDOWS\system32\awwteetf\cttekotb.exe
O4 - HKLM\..\Run: [myhsk] C:\WINDOWS\system32\qawx\myhsk.exe
O4 - HKCU\..\Run: [Cmrt] C:\Program Files\ptrr\lrst.exe
O4 - HKCU\..\Run: [Roeltrlv] C:\WINDOWS\system32\??crosoft.NET\scanregw.exe
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: Time Zones - C:\WINDOWS\system32\sasinv.dll


* Click on Fix Checked when finished and exit HijackThis.

* Using Windows Explorer, locate the following folders, and delete them if still present:

C:\Program Files\ptrr
C:\DOCUMENTS AND SETTINGS\ALLUSERS\APPLICATION DATA\msst
C:\Program Files\Iqeqj
C:\WINDOWS\system32\brda
C:\WINDOWS\system32\mfpvkqm
C:\WINDOWS\system32\qtnwi
C:\WINDOWS\system32\sqvkjff
C:\WINDOWS\system32\jlngnsat
C:\WINDOWS\system32\emqe
C:\WINDOWS\system32\mqwg
C:\WINDOWS\system32\iewfft
C:\WINDOWS\system32\waeecwfq
C:\WINDOWS\system32\slig
C:\WINDOWS\system32\xikd
C:\WINDOWS\system32\awwteetf
C:\WINDOWS\system32\qawx
C:\WINDOWS\system32\??crosoft.NET <== this folder. Watch out here! You won't find a folder with question marks in it. Instead of those question marks, you'll see letters instead. The folder ends on ....crosoft.NET.
DON'T delete the single folder Microsoft!! The folder you have to delete has scanregw.exe inside. Please make sure you don't delete any other folder and don't miss in here.
If you're not sure, just leave it and tell me afterwards. So, you have to delete a folder called ..crosoft.NET which is inside your System32-folder and inside THAT folder there is scanregw.exe.
Don't search for it via search, because you won't find it that way. Look in your system32-folder yourself to search for that folder.

* Delete the following files

C:\WINDOWS\system32\sxsp4d.exe
C:\WINDOWS\system32\AUNPS2.DLL
C:\WINDOWS\system32\SETUPWBV.exe
C:\WINDOWS\exe82.exe

* Still in safe mode, start CCleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

Post back a fresh HijackThis log and the log from ewido so I can take another look.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
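The re-check requested at the end of this post (a fresh HijackThis log plus the ewido report) can be partly automated. The following is an added example, not part of the original post or of HijackThis or ewido: it compares a fix list with a fresh log by section code and file path, so an entry that returns under a different name is still caught, and it cross-references scanner lines that report a cleaning error. The function names are hypothetical and the sample lines are excerpts from the logs in this thread.

```python
import re
from typing import NamedTuple, Optional

# Excerpts from this thread: part of the fix list, part of the fresh
# HijackThis log posted in reply, and part of the ewido scan report.
FIX_LIST = r"""
F3 - REG:win.ini: run=ramsys.exe
O4 - HKLM\..\Run: [msst] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sxsp4d.exe reg_run
O4 - HKLM\..\Run: [g$p$] C:\WINDOWS\exe82.exe
O15 - Trusted Zone: *.popuppers.com
O20 - Winlogon Notify: Time Zones - C:\WINDOWS\system32\sasinv.dll
"""

FRESH_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O20 - Winlogon Notify: FS Templates - C:\WINDOWS\system32\sasinv.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

EWIDO_REPORT = r"""
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
[236] C:\WINDOWS\system32\sasinv.dll -> Spyware.Look2Me : Error during cleaning
[680] C:\WINDOWS\system32\dDtime.dll -> Spyware.Look2Me : Cleaned with backup
[760] C:\WINDOWS\system32\jvaw400.dll -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
"""

# "O4 - ...", "F3 - ...", "O20 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path ending in an extension these log lines use.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|tmp)\b', re.I)
# ewido line: optional "[pid] ", scanned object, detection name, status.
EWIDO_RE = re.compile(r"^(?:\[\d+\]\s+)?(.+?) -> (\S+) : (.+)$")


class Entry(NamedTuple):
    code: str            # HijackThis section code, e.g. "O4" or "O20"
    body: str            # everything after "CODE - "
    path: Optional[str]  # lower-cased file path, if the entry names one


def parse_hijackthis(text):
    """Return the R/F/O entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), p.group(0).lower() if p else None))
    return entries


def failed_cleanups(report):
    """Map lower-cased object -> detection name for lines the scanner could not clean."""
    failed = {}
    for line in report.splitlines():
        m = EWIDO_RE.match(line.strip())
        if m and "error" in m.group(3).lower():
            failed[m.group(1).lower()] = m.group(2)
    return failed


def still_present(fix_list, fresh_log, scanner_report=""):
    """List fix-list entries that survive in the fresh log.

    "unchanged"     : the identical entry is still there.
    "re-registered" : same section and same file, but the rest of the entry
                      (for example the value name) differs.
    """
    fresh = parse_hijackthis(fresh_log)
    exact = {(e.code, e.body) for e in fresh}
    by_path = {(e.code, e.path): e for e in fresh if e.path}
    failed = failed_cleanups(scanner_report)
    findings = []
    for e in parse_hijackthis(fix_list):
        if (e.code, e.body) in exact:
            kind, now = "unchanged", e.body
        elif e.path and (e.code, e.path) in by_path:
            kind, now = "re-registered", by_path[(e.code, e.path)].body
        else:
            continue  # entry is gone from the fresh log
        findings.append({"code": e.code, "path": e.path, "kind": kind,
                         "now": now, "scanner": failed.get(e.path)})
    return findings


if __name__ == "__main__":
    for f in still_present(FIX_LIST, FRESH_LOG, EWIDO_REPORT):
        note = f" (scanner: {f['scanner']}, not cleaned)" if f["scanner"] else ""
        print(f"{f['code']} {f['kind']}: {f['now']}{note}")
```

An exact line comparison would report every fixed entry as gone here; matching on the file path is what surfaces the O20 entry that now appears as "FS Templates".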

#5 jaye31987


Posted 09 September 2005 - 02:57 PM

Thank you so much for continuing to help me, this is what I did. I did what you told me to do with Microsoft, did the HijackThis, and checked everything you told me to do.... with the

"C:\WINDOWS\system32\??crosoft.NET <== this folder. Watch out here! You won't find a folder with questionmarks in it. Instead of those questionmarks, you'll see letters instead. The folder ends on ....crosoft.NET.
DON'T delete the single folder Microsoft!! The folder you have to delete has scanregw.exe inside. Please make sure you don't delete any other folder and don't miss in here.
If you're not sure, just leave it and tell me afterwards. So, you have to delete a folder called ..crosoft.NET which is inside your System32-folder and inside THAT folder there is scanregw.exe.
Don't search for it via search, because you won't find it that way. Look in your system32-folder yourself to search for that folder."
I didn't do it because I wasn't too sure. I saw the microsoft.net and in that folder there was only 1 file and it was the scanregw.

I didn't find these files to delete:

C:\WINDOWS\system32\sxsp4d.exe
C:\WINDOWS\system32\AUNPS2.DLL
C:\WINDOWS\exe82.exe

Other than that, here is my log, and I want to thank you one more time for helping me this far.





Logfile of HijackThis v1.99.1
Scan saved at 3:36:49 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120191561203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FS Templates - C:\WINDOWS\system32\sasinv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SPM License Server (spmd) - mental images GmbH & Co. KG - C:\WINDOWS\System32\spm\spmd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



And this is the log from ewido:



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:28:25 PM, 9/9/2005
+ Report-Checksum: 70B81626

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-DD60-0064-6EC2-6E0100000000} -> Spyware.MediaMotor : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607D-D204-42C7-8E46-216055BF9918} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} -> Spyware.NauPointBar : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C886256C-7A63-4213-AD2F-02AD3735DF06} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-790525478-2147135963-839522115-1003\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
[236] C:\WINDOWS\system32\sasinv.dll -> Spyware.Look2Me : Error during cleaning
[680] C:\WINDOWS\system32\dDtime.dll -> Spyware.Look2Me : Cleaned with backup
[760] C:\WINDOWS\system32\jvaw400.dll -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\SYSTEM\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\rwmotepg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mdhtml.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wzv8dmod.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\AODENC32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ifengine.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\tzpmonui.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\crnsole.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\absnds.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wpsapi32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mgports.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\clsetacl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\insmsnap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\cwprops.dll -> Spyware.Look2Me : Cleaned with backup

#6 miekiemoes

Posted 09 September 2005 - 03:08 PM

Hello, this is improved a lot! Good job. We are going to deal with those popups you are still getting in a minute, but first I want you to delete that C:\Windows\System32\Microsoft.Net-folder, because it's the one you mentioned:

I seen the microsoft.net and in that folder there was only 1 file and it was the scanregw.


So, it is that folder you have to delete. No need to do this in safe mode, because it's not active and you can delete it without any problems. :thumbsup:

When done,

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use the following fix first:
http://homepage.ntlworld.com/spencer.greys...XPHomeFiles.exe (for XP Home)
http://homepage.ntlworld.com/spencer.greys.../XPProfiles.exe (For XP professional)

Reboot afterwards and select option #1 again for Run Find Log by typing 1 and then pressing enter.


#7 jaye31987

Posted 09 September 2005 - 03:19 PM

I deleted the folder you told me to :thumbsup: and followed the exact directions with the program given; here is the log


L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\FS Templates]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\sasinv.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B2BF8425-CC91-DF2A-7315-10EC6D549254}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{7D688A77-C613-11D0-999B-00C04FD655E1}"="SlowFile Icon Overlay"
"{8DE56A0D-E58B-41FE-9F80-3563CDCB2C22}"="Default Image Extrator for Properties"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{A2569D1F-4E06-43EC-9825-0088B471BE47}"="IntelliType Pro Wireless Control Panel Property Page"
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}"="IntelliType Pro Scrolling Control Panel Property Page"
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}"="IntelliType Pro Key Settings Control Panel Property Page"
"{20082881-FC36-4E47-9A7A-644C95FF749F}"="IntelliPoint Wireless Control Panel Property Page"
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}"="IntelliPoint Wheel Control Panel Property Page"
"{653DCCC2-13DB-45B2-A389-427885776CFE}"="IntelliPoint Activities Control Panel Property Page"
"{124597D8-850A-41AE-849C-017A4FA99CA2}"="IntelliPoint Buttons Control Panel Property Page"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shell Shredding Utility"
"{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0}"="Pa&nicware Pop-Up Stopper Pro"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{05D5F383-D518-4E4E-87FD-F69CACD3A75A}"="SUPERCMCUTIL Menu Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{4560734C-CCFC-4CBE-AE9F-F7AEFF11FF6C}"=""
"{CCA60260-A2C9-11D2-BA62-0020188191B2}"="Resplendent Registrar Shell Extension"
"{3CDB35AF-1CA1-42F0-A0F8-D9EC01EC0DC2}"=""
"{29121736-1D17-41C3-AC63-1CCC2C75976B}"=""
"{1FD5352A-1DA1-48FE-BF08-E45C6314421C}"=""
"{BDA561F6-3E84-4B59-9446-83C94C827695}"=""
"{F87B8BA6-18F2-40B2-B23A-61F38752ABA2}"=""
"{A65CA0AB-C5B5-4080-A9D4-662FB17DF927}"=""
"{FAE768D6-80EB-4D1B-842F-1999F664502D}"=""
"{A632A342-4EEA-47A7-B9AF-3FB18E9C456E}"=""
"{D0C1B728-D0C0-432C-9FDF-828C7F506CD6}"=""
"{C051662D-BC54-43C9-B073-892C2DB81466}"=""
"{8983EA6D-74F1-4401-89EC-BBE23BDFB749}"=""
"{5DC7BF32-E23B-4690-BF63-8C6DC87BD3E7}"=""
"{E9D36ABA-6545-479E-BCDB-08C3041DD272}"=""
"{4F59227D-2219-4EDB-B2B3-C4F7CA1AF2B7}"=""
"{B56905DC-15F1-4C2B-B311-723516AAB3DB}"=""
"{F039C3F3-2213-47F8-A18C-F944AA7117B3}"=""
"{B88253B7-9D3C-4082-BA7A-8D4B959E8435}"=""
"{01C048B6-CA31-4CAE-8C3B-0F532AFBF9D4}"=""
"{333FAFDF-C71E-48B1-A085-43C802F62D8D}"=""
"{B98BE981-0C05-41D3-BB14-DC2F34B5DB2B}"=""
"{C88A2772-E476-4CD0-8A2F-23EE64A80750}"=""
"{F86FBFC0-0FD2-4859-8FA2-CFDB44095E5F}"=""
"{A45F04FE-A501-4DC3-8356-E2289215DFB4}"=""
"{47493C8A-9F43-4F3B-8B0C-3797959D611E}"=""
"{9E8B46D1-E1EB-4BD1-B0F2-A99BC71A391F}"=""
"{D05CA730-0913-4CCB-B146-1322422EE123}"=""
"{9A77F075-2E2A-4B4B-AD43-536921825775}"=""
"{B67CA0D6-540B-4596-9860-549DB30697A0}"=""
"{6013A3A3-6AEF-49B4-9FAC-64F8A61C967B}"=""
"{F80E997E-756C-4ABA-BFBC-204AC8227C26}"=""
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4560734C-CCFC-4CBE-AE9F-F7AEFF11FF6C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4560734C-CCFC-4CBE-AE9F-F7AEFF11FF6C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4560734C-CCFC-4CBE-AE9F-F7AEFF11FF6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4560734C-CCFC-4CBE-AE9F-F7AEFF11FF6C}\InprocServer32]
@="C:\\WINDOWS\\system32\\shclient.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3CDB35AF-1CA1-42F0-A0F8-D9EC01EC0DC2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3CDB35AF-1CA1-42F0-A0F8-D9EC01EC0DC2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3CDB35AF-1CA1-42F0-A0F8-D9EC01EC0DC2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3CDB35AF-1CA1-42F0-A0F8-D9EC01EC0DC2}\InprocServer32]
@="C:\\WINDOWS\\system32\\kwcom.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{29121736-1D17-41C3-AC63-1CCC2C75976B}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{29121736-1D17-41C3-AC63-1CCC2C75976B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{29121736-1D17-41C3-AC63-1CCC2C75976B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FD5352A-1DA1-48FE-BF08-E45C6314421C}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{1FD5352A-1DA1-48FE-BF08-E45C6314421C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FD5352A-1DA1-48FE-BF08-E45C6314421C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BDA561F6-3E84-4B59-9446-83C94C827695}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{BDA561F6-3E84-4B59-9446-83C94C827695}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDA561F6-3E84-4B59-9446-83C94C827695}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F87B8BA6-18F2-40B2-B23A-61F38752ABA2}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{F87B8BA6-18F2-40B2-B23A-61F38752ABA2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F87B8BA6-18F2-40B2-B23A-61F38752ABA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A65CA0AB-C5B5-4080-A9D4-662FB17DF927}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{A65CA0AB-C5B5-4080-A9D4-662FB17DF927}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A65CA0AB-C5B5-4080-A9D4-662FB17DF927}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FAE768D6-80EB-4D1B-842F-1999F664502D}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{FAE768D6-80EB-4D1B-842F-1999F664502D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FAE768D6-80EB-4D1B-842F-1999F664502D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A632A342-4EEA-47A7-B9AF-3FB18E9C456E}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{A632A342-4EEA-47A7-B9AF-3FB18E9C456E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A632A342-4EEA-47A7-B9AF-3FB18E9C456E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A632A342-4EEA-47A7-B9AF-3FB18E9C456E}\InprocServer32]
@="C:\\WINDOWS\\system32\\lgrhelp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D0C1B728-D0C0-432C-9FDF-828C7F506CD6}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{D0C1B728-D0C0-432C-9FDF-828C7F506CD6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0C1B728-D0C0-432C-9FDF-828C7F506CD6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0C1B728-D0C0-432C-9FDF-828C7F506CD6}\InprocServer32]
@="C:\\WINDOWS\\system32\\ndth.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C051662D-BC54-43C9-B073-892C2DB81466}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{C051662D-BC54-43C9-B073-892C2DB81466}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C051662D-BC54-43C9-B073-892C2DB81466}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8983EA6D-74F1-4401-89EC-BBE23BDFB749}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{8983EA6D-74F1-4401-89EC-BBE23BDFB749}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8983EA6D-74F1-4401-89EC-BBE23BDFB749}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5DC7BF32-E23B-4690-BF63-8C6DC87BD3E7}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{5DC7BF32-E23B-4690-BF63-8C6DC87BD3E7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5DC7BF32-E23B-4690-BF63-8C6DC87BD3E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F039C3F3-2213-47F8-A18C-F944AA7117B3}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{F039C3F3-2213-47F8-A18C-F944AA7117B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F039C3F3-2213-47F8-A18C-F944AA7117B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B88253B7-9D3C-4082-BA7A-8D4B959E8435}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{B88253B7-9D3C-4082-BA7A-8D4B959E8435}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B88253B7-9D3C-4082-BA7A-8D4B959E8435}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{333FAFDF-C71E-48B1-A085-43C802F62D8D}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{333FAFDF-C71E-48B1-A085-43C802F62D8D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{333FAFDF-C71E-48B1-A085-43C802F62D8D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B98BE981-0C05-41D3-BB14-DC2F34B5DB2B}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{B98BE981-0C05-41D3-BB14-DC2F34B5DB2B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B98BE981-0C05-41D3-BB14-DC2F34B5DB2B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C88A2772-E476-4CD0-8A2F-23EE64A80750}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{C88A2772-E476-4CD0-8A2F-23EE64A80750}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C88A2772-E476-4CD0-8A2F-23EE64A80750}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F86FBFC0-0FD2-4859-8FA2-CFDB44095E5F}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{F86FBFC0-0FD2-4859-8FA2-CFDB44095E5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F86FBFC0-0FD2-4859-8FA2-CFDB44095E5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A45F04FE-A501-4DC3-8356-E2289215DFB4}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{A45F04FE-A501-4DC3-8356-E2289215DFB4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A45F04FE-A501-4DC3-8356-E2289215DFB4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E8B46D1-E1EB-4BD1-B0F2-A99BC71A391F}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{9E8B46D1-E1EB-4BD1-B0F2-A99BC71A391F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E8B46D1-E1EB-4BD1-B0F2-A99BC71A391F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D05CA730-0913-4CCB-B146-1322422EE123}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{D05CA730-0913-4CCB-B146-1322422EE123}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D05CA730-0913-4CCB-B146-1322422EE123}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B67CA0D6-540B-4596-9860-549DB30697A0}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{B67CA0D6-540B-4596-9860-549DB30697A0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B67CA0D6-540B-4596-9860-549DB30697A0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6013A3A3-6AEF-49B4-9FAC-64F8A61C967B}]
@=""
"IDEx"="ST"

[HKEY_CLASSES_ROOT\CLSID\{6013A3A3-6AEF-49B4-9FAC-64F8A61C967B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6013A3A3-6AEF-49B4-9FAC-64F8A61C967B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F80E997E-756C-4ABA-BFBC-204AC8227C26}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F80E997E-756C-4ABA-BFBC-204AC8227C26}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F80E997E-756C-4ABA-BFBC-204AC8227C26}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F80E997E-756C-4ABA-BFBC-204AC8227C26}\InprocServer32]
@="C:\\WINDOWS\\system32\\jvaw400.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pndx5032.dll Thu Aug 11 2005 1:52:18a A.... 5,632 5.50 K
packet.dll Tue Aug 2 2005 2:08:10p A.... 81,920 80.00 K
wpcap.dll Tue Aug 2 2005 2:18:46p A.... 233,472 228.00 K
unicows.dll Tue Aug 9 2005 6:13:32p A.... 245,408 239.66 K
wanpac~1.dll Tue Aug 2 2005 2:08:08p A.... 61,440 60.00 K
pthrea~1.dll Tue Aug 2 2005 2:24:02p A.... 53,299 52.05 K
shclient.dll Fri Sep 9 2005 3:31:42p ..S.R 417,792 408.00 K
pndx5016.dll Thu Aug 11 2005 1:52:18a A.... 6,656 6.50 K
mscms.dll Tue Jun 28 2005 9:46:00p A.... 74,240 72.50 K
sirenacm.dll Sat Aug 13 2005 2:41:12p A.... 118,784 116.00 K
atl71.dll Sat Aug 27 2005 2:24:54p A.... 89,088 87.00 K
browseui.dll Sat Jul 2 2005 10:11:28p A.... 1,019,904 996.00 K
mshtml.dll Tue Jul 19 2005 10:00:30p A.... 3,014,144 2.87 M
cdfview.dll Sat Jul 2 2005 10:11:28p A.... 151,040 147.50 K
rmoc3260.dll Thu Aug 11 2005 1:52:36a A.... 176,167 172.04 K
sysmwwod.dll Sun Aug 7 2005 10:47:28p A.... 37 0.04 K
msrating.dll Sat Jul 2 2005 10:11:30p A.... 146,432 143.00 K
mshtmled.dll Sat Jul 2 2005 10:11:30p A.... 448,512 438.00 K
atmtd.dll Fri Aug 5 2005 7:04:46p A.... 687,592 671.48 K
iepeers.dll Sat Jul 2 2005 10:11:28p A.... 251,392 245.50 K
sgikq.dll Sat Aug 6 2005 8:22:58p A.... 0 0.00 K
gcunco~1.dll Tue Jul 12 2005 3:35:10p A.... 95,448 93.21 K
icm32.dll Tue Jun 28 2005 9:46:00p A.... 254,976 249.00 K
gccoll~1.dll Tue Jul 12 2005 3:35:14p A.... 126,680 123.71 K
kerberos.dll Wed Jun 15 2005 1:49:30p A.... 295,936 289.00 K
lgrhelp.dll Mon Jul 11 2005 9:46:48p A.... 196,608 192.00 K
ndth.dll Mon Jul 11 2005 9:46:56p A.... 262,144 256.00 K
umpnpmgr.dll Wed Jun 29 2005 10:02:40p A.... 118,272 115.50 K
wininet.dll Sat Jul 2 2005 10:11:30p A.... 658,432 643.00 K
hashlib.dll Tue Jul 12 2005 3:35:14p A.... 117,976 115.21 K
urlmon.dll Sat Jul 2 2005 10:11:30p A.... 607,744 593.50 K
shlwapi.dll Sat Jul 2 2005 10:11:30p A.... 473,600 462.50 K
shdocvw.dll Sat Jul 2 2005 10:11:30p A.... 1,483,776 1.41 M
pngfilt.dll Sat Jul 2 2005 10:11:30p A.... 39,424 38.50 K
inseng.dll Sat Jul 2 2005 10:11:28p A.... 96,256 94.00 K
tapisrv.dll Fri Jul 8 2005 12:27:56p A.... 249,344 243.50 K
cmdlin~1.dll Fri Aug 5 2005 11:43:14p A.... 98,304 96.00 K
sasinv.dll Sun Sep 4 2005 2:11:48p ..S.R 417,792 408.00 K
cbied.dll Thu Aug 18 2005 1:25:26p A.... 98,816 96.50 K
fxuyu.dll Thu Aug 25 2005 4:42:16p A.... 98,816 96.50 K
jvaw400.dll Sun Sep 4 2005 4:14:34p ..... 417,792 408.00 K
dpu11.dll Tue Aug 9 2005 6:12:28p A.... 245,760 240.00 K
dpus11.dll Tue Aug 9 2005 6:12:28p A.... 303,104 296.00 K
dpugui11.dll Tue Aug 9 2005 6:12:30p A.... 581,632 568.00 K
dpv11.dll Tue Aug 9 2005 6:12:28p A.... 57,344 56.00 K
qt-dx331.dll Tue Aug 9 2005 6:12:30p A.... 3,596,288 3.43 M
libeay32.dll Tue Aug 9 2005 6:13:32p A.... 831,488 812.00 K
ssleay32.dll Tue Aug 9 2005 6:13:32p A.... 159,744 156.00 K
dpl100.dll Tue Aug 9 2005 6:12:30p A.... 86,016 84.00 K
dtu100.dll Tue Aug 9 2005 6:12:30p A.... 200,704 196.00 K
divx.dll Tue Aug 9 2005 6:14:00p A.... 692,736 676.50 K
divx_x~1.dll Tue Aug 9 2005 6:13:52p A.... 688,128 672.00 K
divx_x~2.dll Tue Aug 9 2005 6:13:54p A.... 688,128 672.00 K
divx_x~3.dll Tue Aug 9 2005 6:13:52p A.... 671,744 656.00 K

54 items found: 54 files (2 H/S), 0 directories.
Total of file sizes: 22,293,903 bytes 21.26 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Fri Sep 9 2005 3:32:42p ..S.R 417,792 408.00 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2F45-0EFB

Directory of C:\WINDOWS\System32

09/09/2005 03:32 PM 417,792 guard.tmp
09/09/2005 03:31 PM 417,792 shclient.dll
09/04/2005 02:11 PM 417,792 sasinv.dll
04/21/2005 10:41 AM 430,080 ?explore.exe
03/21/2004 04:14 PM 1,020 JqvGme.017
02/10/2004 10:57 PM <DIR> Microsoft
02/10/2004 09:27 PM <DIR> dllcache
5 File(s) 1,684,476 bytes
2 Dir(s) 20,252,360,704 bytes free

#8 miekiemoes

Posted 09 September 2005 - 03:52 PM

Good..

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Extra note... after reboot and logging in, normally a screen will pop up and perform the rest of the fix and notepad opens automatically afterwards.
If that doesn't happen, you'll have to do it manually, so open your L2M-folder which is present on your desktop and double-click second.bat.
Let it run and notepad (log.txt) will open then. Copy and paste the contents of it in your next reply with a new HijackThis log.

#9 jaye31987

Posted 09 September 2005 - 04:48 PM

Thank you for helping this far. This step gave me a little problem: I rebooted fine following the instructions, but an error popped up and the log didn't want to happen, so after 2-3 tries I did it manually and this is what I got:

L2Mfix 1.04a

Running From:
C:\Documents and Settings\Jason\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

Setting Directory
C:\Documents and Settings\Jason\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Jason\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1140 'explorer.exe'
Killing PID 1140 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1632 'rundll32.exe'
Killing PID 1980 'rundll32.exe'
Killing PID 168 'rundll32.exe'
Setting Directory
C:\Documents and Settings\Jason\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Jason\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1140 'explorer.exe'
Killing PID 1140 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1572 'rundll32.exe'
Killing PID 1720 'rundll32.exe'
Killing PID 1848 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\sasinv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sasinv.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\shclient.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\shclient.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\sasinv.dll
Successfully Deleted: C:\WINDOWS\system32\sasinv.dll
deleting: C:\WINDOWS\system32\sasinv.dll
Successfully Deleted: C:\WINDOWS\system32\sasinv.dll
deleting: C:\WINDOWS\system32\shclient.dll
Successfully Deleted: C:\WINDOWS\system32\shclient.dll
deleting: C:\WINDOWS\system32\shclient.dll
Successfully Deleted: C:\WINDOWS\system32\shclient.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed


Zipping up files for submission:
adding: sasinv.dll (deflated 48%)
adding: shclient.dll (deflated 48%)
adding: guard.tmp (deflated 48%)
adding: echo.reg (deflated 11%)
adding: clear.reg (deflated 2%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 52%)
adding: direct.txt (stored 0%)
adding: report.txt (deflated 71%)
adding: lo2.txt (deflated 80%)
adding: test2.txt (stored 0%)
adding: test3.txt (stored 0%)
adding: test5.txt (stored 0%)
adding: test.txt (deflated 74%)
adding: xfind.txt (deflated 71%)
adding: backregs/notibac.reg (deflated 87%)
adding: backregs/shell.reg (deflated 74%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: sasinv.dll
deleting local copy: sasinv.dll
deleting local copy: shclient.dll
deleting local copy: shclient.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\sasinv.dll
C:\WINDOWS\system32\sasinv.dll
C:\WINDOWS\system32\shclient.dll
C:\WINDOWS\system32\shclient.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
















Here's my log just in case you need it






Logfile of HijackThis v1.99.1
Scan saved at 5:45:25 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1117919382\ee\AOLServiceHost.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117919382\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120191561203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SPM License Server (spmd) - mental images GmbH & Co. KG - C:\WINDOWS\System32\spm\spmd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#10 jaye31987


Posted 09 September 2005 - 04:54 PM

Thank you for helping me this far. This step gave me a little trouble: I rebooted the computer following the instructions but an error popped up, and the log didn't want to happen, so after 2-3 tries I did it manually and this is what I got



Sorry about my grammar, I'm very bad :thumbsup:

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:05 PM

Posted 09 September 2005 - 04:56 PM

Well, it seems like we got it. Normally popups must be gone now.

There was something that was present in your previous l2mlog that I don't like, so let's take a closer look. It's another 'questionmark-file' again. :thumbsup:

Open notepad, copy and paste next content (bold) in it:

dir C:\WINDOWS\System32\?explore.exe /a h > look.txt
start notepad look.txt


Save this as look.bat, choose to save as *all files and save it to your desktop.
This is how the batch must look after you created it: Posted Image
Double-click on it and Notepad will open with some text in it.
Copy and paste this in your next reply.

Edit.. don't worry about your grammar, I understand you perfectly. :flowers:

Edited by miekiemoes, 09 September 2005 - 04:58 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 jaye31987


Posted 09 September 2005 - 05:06 PM

Thank you so much. After making that file, this is what I got

Volume in drive C has no label.
Volume Serial Number is 2F45-0EFB

Directory of C:\WINDOWS\System32

04/21/2005 10:41 AM 430,080 ?explore.exe
1 File(s) 430,080 bytes

Directory of C:\Documents and Settings\Jason\Desktop

#13 miekiemoes


Posted 09 September 2005 - 05:25 PM

Hi, well that file needs to go also. It's present in your system32-folder.
It ends on .explore.exe. Instead of that question mark, you'll see another letter.. and I guess it will most probably be an i.
Make sure you don't delete C:\Windows\explorer.exe (anyway, you won't be able to) and don't delete C:\Program Files\Internet Explorer\iexplore.exe!!
That file you have to delete is in your system32-folder.

To find it quickly..

Open your system32-folder.
On top in the menu, click the 'views'-icon
select: details
You'll see new tabs present on top of the system32-folder
Click 'Date Modified'
If you click it, the files are sorted on date.
Now you have to search for a file that is modified 04/21/2005 ending on .explore.exe.

Let me know in your next reply.
Also let me know how things are running. :thumbsup:

Edited by miekiemoes, 09 September 2005 - 05:26 PM.


#14 jaye31987


Posted 09 September 2005 - 05:36 PM

I did exactly what you told me, and I found the file (iexplore, 420kb and the same date you mentioned). I tried to delete it and I can't (something about it being protected)..... Other than that, no pop-ups and working good

#15 jaye31987


Posted 09 September 2005 - 05:38 PM

After sending that post, I just received a pop-up from "ad manager", something like that



