Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Think I'm Clean...


  • Please log in to reply
31 replies to this topic

#1 DrWatson

DrWatson

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 15 November 2005 - 02:47 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:45:11 PM, on 11/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\UAService7.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINNT\SYSTEM32\USRshutA.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.byu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USRpdA] C:\WINNT\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: Unimodem - C:\WINNT\system32\ir22l5fo1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TTdOQ0RQUk8\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

:thumbsup:

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:19 AM

Posted 15 November 2005 - 02:52 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 15 November 2005 - 03:16 PM

Here is my Spy Sweep Report:

********
12:56 PM: | Start of Session, Tuesday, November 15, 2005 |
12:56 PM: Spy Sweeper started
12:56 PM: Sweep initiated using definitions version 556
12:56 PM: Starting Memory Sweep
12:56 PM: Found Adware: icannnews
12:56 PM: Detected running threat: C:\WINNT\system32\ir22l5fo1.dll (ID = 83)
12:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:58 PM: Detected running threat: C:\WINNT\system32\guard.tmp (ID = 83)
12:59 PM: Memory Sweep Complete, Elapsed Time: 00:03:00
12:59 PM: Starting Registry Sweep
12:59 PM: Found Adware: hotbar
12:59 PM: HKCR\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (19 subtraces) (ID = 127227)
12:59 PM: HKCR\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (22 subtraces) (ID = 127235)
12:59 PM: HKCR\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 127241)
12:59 PM: HKCR\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (13 subtraces) (ID = 127242)
12:59 PM: HKCR\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1}\ (10 subtraces) (ID = 127244)
12:59 PM: HKCR\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (16 subtraces) (ID = 127246)
12:59 PM: HKCR\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (9 subtraces) (ID = 127261)
12:59 PM: HKCR\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (10 subtraces) (ID = 127267)
12:59 PM: HKCR\hbtinstie.hbinstobj.1\ (3 subtraces) (ID = 127301)
12:59 PM: HKCR\hbtinstie.hbinstobj\ (5 subtraces) (ID = 127302)
12:59 PM: HKLM\software\classes\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (19 subtraces) (ID = 127393)
12:59 PM: HKLM\software\classes\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (22 subtraces) (ID = 127399)
12:59 PM: HKLM\software\classes\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 127404)
12:59 PM: HKLM\software\classes\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (13 subtraces) (ID = 127405)
12:59 PM: HKLM\software\classes\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1}\ (10 subtraces) (ID = 127407)
12:59 PM: HKLM\software\classes\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (16 subtraces) (ID = 127409)
12:59 PM: HKLM\software\classes\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\ (2 subtraces) (ID = 127416)
12:59 PM: HKLM\software\classes\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (9 subtraces) (ID = 127425)
12:59 PM: HKLM\software\classes\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (10 subtraces) (ID = 127431)
12:59 PM: HKLM\software\classes\clsid\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541}\ (10 subtraces) (ID = 127436)
12:59 PM: HKLM\software\classes\hbtinstie.hbinstobj.1\ (3 subtraces) (ID = 127467)
12:59 PM: HKLM\software\classes\hbtinstie.hbinstobj\ (5 subtraces) (ID = 127468)
12:59 PM: HKLM\software\classes\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 subtraces) (ID = 127537)
12:59 PM: HKLM\software\microsoft\office\outlook\addins\hbthostol.hbtmailanim\ (4 subtraces) (ID = 127590)
12:59 PM: HKCR\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 subtraces) (ID = 127635)
12:59 PM: Found Adware: screensavers
12:59 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140550)
12:59 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140551)
12:59 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140555)
12:59 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140556)
12:59 PM: HKLM\software\screensavers.com\ (ID = 140569)
12:59 PM: Found Adware: winad
12:59 PM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
12:59 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
12:59 PM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
12:59 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
12:59 PM: Found Adware: rx toolbar
12:59 PM: HKCR\rxresult.rxresultfilter\ (3 subtraces) (ID = 729537)
12:59 PM: HKCR\rxresult.rxresultfilter\clsid\ (1 subtraces) (ID = 729539)
12:59 PM: HKCR\rxresult.rxresultfilter.1\ (3 subtraces) (ID = 729541)
12:59 PM: HKCR\rxresult.rxresultfilter.1\clsid\ (1 subtraces) (ID = 729543)
12:59 PM: HKCR\rxresult.rxresulttracker\ (3 subtraces) (ID = 729545)
12:59 PM: HKCR\rxresult.rxresulttracker\clsid\ (1 subtraces) (ID = 729547)
12:59 PM: HKCR\rxresult.rxresulttracker.1\ (3 subtraces) (ID = 729549)
12:59 PM: HKCR\rxresult.rxresulttracker.1\clsid\ (1 subtraces) (ID = 729551)
12:59 PM: HKCR\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 subtraces) (ID = 729553)
12:59 PM: HKCR\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 subtraces) (ID = 729564)
12:59 PM: HKCR\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729573)
12:59 PM: HKLM\software\classes\rxresult.rxresultfilter\ (3 subtraces) (ID = 729616)
12:59 PM: HKLM\software\classes\rxresult.rxresultfilter\clsid\ (1 subtraces) (ID = 729618)
12:59 PM: HKLM\software\classes\rxresult.rxresultfilter.1\ (3 subtraces) (ID = 729620)
12:59 PM: HKLM\software\classes\rxresult.rxresultfilter.1\clsid\ (1 subtraces) (ID = 729622)
12:59 PM: HKLM\software\classes\rxresult.rxresulttracker\ (3 subtraces) (ID = 729624)
12:59 PM: HKLM\software\classes\rxresult.rxresulttracker\clsid\ (1 subtraces) (ID = 729626)
12:59 PM: HKLM\software\classes\rxresult.rxresulttracker.1\ (3 subtraces) (ID = 729628)
12:59 PM: HKLM\software\classes\rxresult.rxresulttracker.1\clsid\ (1 subtraces) (ID = 729630)
12:59 PM: HKLM\software\classes\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}\ (10 subtraces) (ID = 729632)
12:59 PM: HKLM\software\classes\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}\ (8 subtraces) (ID = 729643)
12:59 PM: HKLM\software\classes\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}\ (9 subtraces) (ID = 729652)
12:59 PM: HKCR\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\ (10 subtraces) (ID = 774202)
12:59 PM: HKCR\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\ (7 subtraces) (ID = 774214)
12:59 PM: HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (7 subtraces) (ID = 774223)
12:59 PM: HKCR\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\ (7 subtraces) (ID = 774232)
12:59 PM: HKCR\interface\{27c4569f-8728-4958-a920-a607cae8153c}\ (7 subtraces) (ID = 774259)
12:59 PM: HKCR\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 subtraces) (ID = 774268)
12:59 PM: HKCR\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\ (7 subtraces) (ID = 774277)
12:59 PM: HKCR\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\ (7 subtraces) (ID = 774286)
12:59 PM: HKCR\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\ (7 subtraces) (ID = 774295)
12:59 PM: HKCR\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\ (7 subtraces) (ID = 774304)
12:59 PM: HKCR\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\ (7 subtraces) (ID = 774331)
12:59 PM: HKCR\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\ (7 subtraces) (ID = 774349)
12:59 PM: HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (7 subtraces) (ID = 774358)
12:59 PM: HKCR\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\ (7 subtraces) (ID = 774367)
12:59 PM: HKCR\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\ (7 subtraces) (ID = 774376)
12:59 PM: HKCR\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\ (7 subtraces) (ID = 774385)
12:59 PM: HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (7 subtraces) (ID = 774394)
12:59 PM: HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (7 subtraces) (ID = 774412)
12:59 PM: HKCR\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\ (7 subtraces) (ID = 774421)
12:59 PM: HKCR\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\ (7 subtraces) (ID = 774430)
12:59 PM: HKCR\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\ (7 subtraces) (ID = 774439)
12:59 PM: HKCR\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\ (7 subtraces) (ID = 774448)
12:59 PM: HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (7 subtraces) (ID = 774457)
12:59 PM: HKCR\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\ (7 subtraces) (ID = 774466)
12:59 PM: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\inprocserver32\ (2 subtraces) (ID = 774480)
12:59 PM: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\progid\ (1 subtraces) (ID = 774483)
12:59 PM: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\programmable\ (ID = 774485)
12:59 PM: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\typelib\ (ID = 774486)
12:59 PM: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\versionindependentprogid\ (1 subtraces) (ID = 774488)
12:59 PM: HKLM\software\classes\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\ (7 subtraces) (ID = 774490)
12:59 PM: HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (7 subtraces) (ID = 774499)
12:59 PM: HKLM\software\classes\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\ (7 subtraces) (ID = 774508)
12:59 PM: HKLM\software\classes\interface\{27c4569f-8728-4958-a920-a607cae8153c}\ (7 subtraces) (ID = 774535)
12:59 PM: HKLM\software\classes\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 subtraces) (ID = 774544)
12:59 PM: HKLM\software\classes\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\ (7 subtraces) (ID = 774553)
12:59 PM: HKLM\software\classes\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\ (7 subtraces) (ID = 774562)
12:59 PM: HKLM\software\classes\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\ (7 subtraces) (ID = 774571)
12:59 PM: HKLM\software\classes\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\ (7 subtraces) (ID = 774580)
12:59 PM: HKLM\software\classes\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\ (7 subtraces) (ID = 774607)
12:59 PM: HKLM\software\classes\interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad}\ (7 subtraces) (ID = 774616)
12:59 PM: HKLM\software\classes\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\ (7 subtraces) (ID = 774625)
12:59 PM: HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (7 subtraces) (ID = 774634)
12:59 PM: HKLM\software\classes\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\ (7 subtraces) (ID = 774643)
12:59 PM: HKLM\software\classes\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\ (7 subtraces) (ID = 774652)
12:59 PM: HKLM\software\classes\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\ (7 subtraces) (ID = 774661)
12:59 PM: HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (7 subtraces) (ID = 774670)
12:59 PM: HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (7 subtraces) (ID = 774688)
12:59 PM: HKLM\software\classes\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\ (7 subtraces) (ID = 774697)
12:59 PM: HKLM\software\classes\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\ (7 subtraces) (ID = 774706)
12:59 PM: HKLM\software\classes\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\ (7 subtraces) (ID = 774715)
12:59 PM: HKLM\software\classes\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\ (7 subtraces) (ID = 774724)
12:59 PM: HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (7 subtraces) (ID = 774733)
12:59 PM: HKLM\software\classes\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\ (7 subtraces) (ID = 774742)
12:59 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 775720)
12:59 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediagatewayx.dll (ID = 838612)
12:59 PM: Found Adware: coolwebsearch (cws)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-501\software\microsoft\windows\currentversion\run\ || quicktime task (ID = 112405)
12:59 PM: Found Adware: instafinder
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-501\software\instafink\ (14 subtraces) (ID = 128666)
12:59 PM: Found Adware: starware toolbar
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-501\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-501\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-501\software\starware\ (12 subtraces) (ID = 142866)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\hbtools\ (210 subtraces) (ID = 127563)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\shopperreports\ (4 subtraces) (ID = 127631)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\instafink\ (27 subtraces) (ID = 128666)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\microsoft\internet explorer\explorer bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (ID = 142855)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\starware\ (12 subtraces) (ID = 142866)
12:59 PM: Found Adware: 180search assistant/zango
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1006\software\zango\ (15 subtraces) (ID = 147919)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\hbtools\ (209 subtraces) (ID = 127563)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\shopperreports\ (4 subtraces) (ID = 127631)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\microsoft\internet explorer\explorer bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (ID = 142855)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1005\software\starware\ (12 subtraces) (ID = 142866)
12:59 PM: Found Adware: findthewebsiteyouneed hijacker
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\main\ || search page (ID = 125238)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\hbtools\ (242 subtraces) (ID = 127563)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\explorer bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (2 subtraces) (ID = 127568)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\explorer bars\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (2 subtraces) (ID = 127570)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\shopperreports\ (4 subtraces) (ID = 127631)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\rx toolbar\ (1 subtraces) (ID = 140298)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
12:59 PM: HKU\S-1-5-21-1644491937-2139871995-725345543-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1000\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1000\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
12:59 PM: Found Adware: targetsaver
12:59 PM: HKU\WRSS_Profile_S-1-5-21-1644491937-2139871995-725345543-1000\software\tsl2\ (1 subtraces) (ID = 143616)
12:59 PM: Registry Sweep Complete, Elapsed Time:00:00:22
12:59 PM: Starting Cookie Sweep
12:59 PM: Found Spy Cookie: 2o7.net cookie
12:59 PM: roland cave@2o7[2].txt (ID = 1957)
12:59 PM: Found Spy Cookie: websponsors cookie
12:59 PM: roland cave@a.websponsors[2].txt (ID = 3665)
12:59 PM: Found Spy Cookie: yieldmanager cookie
12:59 PM: roland cave@ad.yieldmanager[2].txt (ID = 3751)
12:59 PM: Found Spy Cookie: adecn cookie
12:59 PM: roland cave@adecn[2].txt (ID = 2063)
12:59 PM: Found Spy Cookie: adknowledge cookie
12:59 PM: roland cave@adknowledge[1].txt (ID = 2072)
12:59 PM: Found Spy Cookie: hbmediapro cookie
12:59 PM: roland cave@adopt.hbmediapro[2].txt (ID = 2768)
12:59 PM: Found Spy Cookie: specificclick.com cookie
12:59 PM: roland cave@adopt.specificclick[1].txt (ID = 3400)
12:59 PM: Found Spy Cookie: addynamix cookie
12:59 PM: roland cave@ads.addynamix[2].txt (ID = 2062)
12:59 PM: Found Spy Cookie: cc214142 cookie
12:59 PM: roland cave@ads.cc214142[1].txt (ID = 2367)
12:59 PM: Found Spy Cookie: pointroll cookie
12:59 PM: roland cave@ads.pointroll[2].txt (ID = 3148)
12:59 PM: Found Spy Cookie: apmebf cookie
12:59 PM: roland cave@apmebf[2].txt (ID = 2229)
12:59 PM: Found Spy Cookie: falkag cookie
12:59 PM: roland cave@as1.falkag[2].txt (ID = 2650)
12:59 PM: Found Spy Cookie: ask cookie
12:59 PM: roland cave@ask[1].txt (ID = 2245)
12:59 PM: Found Spy Cookie: azjmp cookie
12:59 PM: roland cave@azjmp[2].txt (ID = 2270)
12:59 PM: Found Spy Cookie: belnk cookie
12:59 PM: roland cave@belnk[1].txt (ID = 2292)
12:59 PM: Found Spy Cookie: zedo cookie
12:59 PM: roland cave@c5.zedo[1].txt (ID = 3763)
12:59 PM: Found Spy Cookie: casalemedia cookie
12:59 PM: roland cave@casalemedia[1].txt (ID = 2354)
12:59 PM: roland cave@dist.belnk[2].txt (ID = 2293)
12:59 PM: Found Spy Cookie: exitexchange cookie
12:59 PM: roland cave@exitexchange[1].txt (ID = 2633)
12:59 PM: Found Spy Cookie: starware.com cookie
12:59 PM: roland cave@h.starware[2].txt (ID = 3442)
12:59 PM: Found Spy Cookie: clickandtrack cookie
12:59 PM: roland cave@hits.clickandtrack[2].txt (ID = 2397)
12:59 PM: Found Spy Cookie: screensavers.com cookie
12:59 PM: roland cave@i.screensavers[1].txt (ID = 3298)
12:59 PM: Found Spy Cookie: maxserving cookie
12:59 PM: roland cave@maxserving[2].txt (ID = 2966)
12:59 PM: Found Spy Cookie: qksrv cookie
12:59 PM: roland cave@qksrv[2].txt (ID = 3213)
12:59 PM: Found Spy Cookie: questionmarket cookie
12:59 PM: roland cave@questionmarket[1].txt (ID = 3217)
12:59 PM: Found Spy Cookie: realmedia cookie
12:59 PM: roland cave@realmedia[2].txt (ID = 3235)
12:59 PM: Found Spy Cookie: reunion cookie
12:59 PM: roland cave@reunion[2].txt (ID = 3255)
12:59 PM: Found Spy Cookie: revenue.net cookie
12:59 PM: roland cave@revenue[1].txt (ID = 3257)
12:59 PM: Found Spy Cookie: rn11 cookie
12:59 PM: roland cave@rn11[2].txt (ID = 3261)
12:59 PM: Found Spy Cookie: serving-sys cookie
12:59 PM: roland cave@serving-sys[2].txt (ID = 3343)
12:59 PM: roland cave@starware[2].txt (ID = 3441)
12:59 PM: Found Spy Cookie: trafficmp cookie
12:59 PM: roland cave@trafficmp[2].txt (ID = 3581)
12:59 PM: Found Spy Cookie: tribalfusion cookie
12:59 PM: roland cave@tribalfusion[1].txt (ID = 3589)
12:59 PM: Found Spy Cookie: videodome cookie
12:59 PM: roland cave@videodome[1].txt (ID = 3638)
12:59 PM: roland cave@www.starware[1].txt (ID = 3442)
12:59 PM: Found Spy Cookie: xiti cookie
12:59 PM: roland cave@xiti[1].txt (ID = 3717)
12:59 PM: roland cave@yieldmanager[1].txt (ID = 3749)
12:59 PM: Found Spy Cookie: adserver cookie
12:59 PM: roland cave@z1.adserver[1].txt (ID = 2142)
12:59 PM: roland cave@zedo[2].txt (ID = 3762)
12:59 PM: paul cave@ads.pointroll[2].txt (ID = 3148)
12:59 PM: paul cave@msnportal.112.2o7[1].txt (ID = 1958)
12:59 PM: paul cave@questionmarket[1].txt (ID = 3217)
12:59 PM: Found Spy Cookie: statcounter cookie
12:59 PM: paul cave@statcounter[1].txt (ID = 3447)
12:59 PM: aaron krall@2o7[2].txt (ID = 1957)
12:59 PM: Found Spy Cookie: 888 cookie
12:59 PM: aaron krall@888[2].txt (ID = 2019)
12:59 PM: aaron krall@a.websponsors[1].txt (ID = 3665)
12:59 PM: Found Spy Cookie: abcsearch cookie
12:59 PM: aaron krall@abcsearch[1].txt (ID = 2033)
12:59 PM: aaron krall@ad.yieldmanager[1].txt (ID = 3751)
12:59 PM: aaron krall@adecn[2].txt (ID = 2063)
12:59 PM: aaron krall@adknowledge[1].txt (ID = 2072)
12:59 PM: aaron krall@adopt.hbmediapro[2].txt (ID = 2768)
12:59 PM: aaron krall@adopt.specificclick[1].txt (ID = 3400)
12:59 PM: aaron krall@ads.addynamix[1].txt (ID = 2062)
12:59 PM: aaron krall@ads.cc214142[2].txt (ID = 2367)
12:59 PM: aaron krall@ads.pointroll[2].txt (ID = 3148)
12:59 PM: aaron krall@apmebf[2].txt (ID = 2229)
12:59 PM: aaron krall@as1.falkag[2].txt (ID = 2650)
12:59 PM: aaron krall@ask[1].txt (ID = 2245)
12:59 PM: aaron krall@azjmp[2].txt (ID = 2270)
12:59 PM: Found Spy Cookie: burstnet cookie
12:59 PM: aaron krall@burstnet[2].txt (ID = 2336)
12:59 PM: Found Spy Cookie: gostats cookie
12:59 PM: aaron krall@c3.gostats[2].txt (ID = 2748)
12:59 PM: aaron krall@c5.zedo[2].txt (ID = 3763)
12:59 PM: aaron krall@casalemedia[1].txt (ID = 2354)
12:59 PM: Found Spy Cookie: centrport net cookie
12:59 PM: aaron krall@centrport[1].txt (ID = 2374)
12:59 PM: Found Spy Cookie: ru4 cookie
12:59 PM: aaron krall@edge.ru4[2].txt (ID = 3269)
12:59 PM: aaron krall@exitexchange[1].txt (ID = 2633)
12:59 PM: aaron krall@gostats[2].txt (ID = 2747)
12:59 PM: aaron krall@hits.clickandtrack[1].txt (ID = 2397)
12:59 PM: aaron krall@i.screensavers[2].txt (ID = 3298)
12:59 PM: Found Spy Cookie: kmpads cookie
12:59 PM: aaron krall@kmpads[1].txt (ID = 2909)
12:59 PM: aaron krall@maxserving[2].txt (ID = 2966)
12:59 PM: Found Spy Cookie: military cookie
12:59 PM: aaron krall@military[2].txt (ID = 2996)
12:59 PM: Found Spy Cookie: nextag cookie
12:59 PM: aaron krall@nextag[1].txt (ID = 5014)
12:59 PM: Found Spy Cookie: partypoker cookie
12:59 PM: aaron krall@partypoker[2].txt (ID = 3111)
12:59 PM: Found Spy Cookie: overture cookie
12:59 PM: aaron krall@perf.overture[1].txt (ID = 3106)
12:59 PM: aaron krall@qksrv[2].txt (ID = 3213)
12:59 PM: aaron krall@questionmarket[1].txt (ID = 3217)
12:59 PM: aaron krall@realmedia[2].txt (ID = 3235)
12:59 PM: aaron krall@reunion[2].txt (ID = 3255)
12:59 PM: aaron krall@revenue[2].txt (ID = 3257)
12:59 PM: aaron krall@rn11[2].txt (ID = 3261)
12:59 PM: aaron krall@starware[2].txt (ID = 3441)
12:59 PM: Found Spy Cookie: reliablestats cookie
12:59 PM: aaron krall@stats1.reliablestats[1].txt (ID = 3254)
12:59 PM: Found Spy Cookie: tickle cookie
12:59 PM: aaron krall@tickle[1].txt (ID = 3529)
12:59 PM: aaron krall@trafficmp[1].txt (ID = 3581)
12:59 PM: aaron krall@tribalfusion[1].txt (ID = 3589)
12:59 PM: aaron krall@www.888[1].txt (ID = 2020)
12:59 PM: Found Spy Cookie: burstbeacon cookie
12:59 PM: aaron krall@www.burstbeacon[1].txt (ID = 2335)
12:59 PM: aaron krall@www.military[1].txt (ID = 2997)
12:59 PM: aaron krall@xiti[1].txt (ID = 3717)
12:59 PM: aaron krall@yieldmanager[1].txt (ID = 3749)
12:59 PM: aaron krall@z1.adserver[2].txt (ID = 2142)
12:59 PM: aaron krall@zedo[1].txt (ID = 3762)
12:59 PM: m7ncdpro@888[2].txt (ID = 2019)
12:59 PM: m7ncdpro@ad.yieldmanager[2].txt (ID = 3751)
12:59 PM: m7ncdpro@adknowledge[1].txt (ID = 2072)
12:59 PM: m7ncdpro@adopt.hbmediapro[2].txt (ID = 2768)
12:59 PM: m7ncdpro@ads.cc214142[2].txt (ID = 2367)
12:59 PM: m7ncdpro@azjmp[2].txt (ID = 2270)
12:59 PM: m7ncdpro@burstnet[1].txt (ID = 2336)
12:59 PM: m7ncdpro@exitexchange[2].txt (ID = 2633)
12:59 PM: m7ncdpro@h.starware[1].txt (ID = 3442)
12:59 PM: m7ncdpro@hits.clickandtrack[1].txt (ID = 2397)
12:59 PM: m7ncdpro@realmedia[1].txt (ID = 3235)
12:59 PM: m7ncdpro@statcounter[1].txt (ID = 3447)
12:59 PM: m7ncdpro@stats1.reliablestats[2].txt (ID = 3254)
12:59 PM: m7ncdpro@tickle[2].txt (ID = 3529)
12:59 PM: m7ncdpro@videodome[1].txt (ID = 3638)
12:59 PM: m7ncdpro@www.888[1].txt (ID = 2020)
12:59 PM: m7ncdpro@www.burstbeacon[1].txt (ID = 2335)
12:59 PM: m7ncdpro@www.starware[1].txt (ID = 3442)
12:59 PM: Found Spy Cookie: upspiral cookie
12:59 PM: m7ncdpro@www.upspiral[1].txt (ID = 3615)
12:59 PM: Found Spy Cookie: yadro cookie
12:59 PM: m7ncdpro@yadro[1].txt (ID = 3743)
12:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
12:59 PM: Starting File Sweep
12:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:59 PM: c:\documents and settings\paul cave\application data\hbtools (194 subtraces) (ID = -2147480879)
12:59 PM: c:\documents and settings\m7ncdpro\application data\hbtools (266 subtraces) (ID = -2147480879)
12:59 PM: c:\program files\hbtools (12 subtraces) (ID = -2147480872)
12:59 PM: c:\documents and settings\aaron krall\application data\hbtools (434 subtraces) (ID = -2147480879)
12:59 PM: c:\documents and settings\roland cave\application data\hbtools (729 subtraces) (ID = -2147480879)
12:59 PM: c:\documents and settings\guest\application data\starware (50 subtraces) (ID = -2147480225)
12:59 PM: c:\documents and settings\roland cave\application data\starware (50 subtraces) (ID = -2147480225)
12:59 PM: c:\documents and settings\paul cave\application data\starware (53 subtraces) (ID = -2147480225)
12:59 PM: d_icons_buttons_1000.xip (ID = 114339)
12:59 PM: d_icons_buttons_bbar1.res (ID = 121825)
12:59 PM: default_hotbarcom.mnu (ID = 121820)
12:59 PM: d_icons_weather.res (ID = 121840)
12:59 PM: d_icons_buttons_bbar1.res (ID = 121825)
12:59 PM: d_icons_buttons_2000.xip (ID = 114390)
12:59 PM: d_icons_weather.res (ID = 121840)
12:59 PM: d_icons_buttons_bbar1.res (ID = 121825)
1:00 PM: tsd_bg.res (ID = 62382)
1:00 PM: t2_bg.res (ID = 121851)
1:00 PM: progress.res (ID = 62367)
1:00 PM: default_hotbarcom.mnu (ID = 121820)
1:00 PM: tsd_bg.res (ID = 62382)
1:00 PM: t2_bg.res (ID = 121851)
1:00 PM: progress.res (ID = 62367)
1:00 PM: icons2.res (ID = 121846)
1:00 PM: d_icons_buttons_3000.xip (ID = 114353)
1:00 PM: d_icons_buttons_bbar1.res (ID = 121825)
1:00 PM: d_icons_buttons_3000.res (ID = 121824)
1:00 PM: tsd_bg.res (ID = 62382)
1:00 PM: t2_bg.res (ID = 121851)
1:00 PM: icons2.res (ID = 121846)
1:00 PM: d_icons_buttons_2000.res (ID = 121823)
1:00 PM: progress.res (ID = 62367)
1:00 PM: d_icons_buttons_3000.xip (ID = 114353)
1:00 PM: d_icons_buttons_3000.res (ID = 121824)
1:01 PM: d_icons_buttons_3000.res (ID = 121824)
1:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:01 PM: icons2.xip (ID = 121862)
1:01 PM: d_icons_buttons_1000.xip (ID = 114339)
1:01 PM: d_icons_weather.res (ID = 121840)
1:01 PM: icons2.xip (ID = 121862)
1:01 PM: progress.res (ID = 62367)
1:01 PM: country.exe (ID = 121818)
1:01 PM: default_hotbarcom.mnu (ID = 121820)
1:01 PM: icons2.res (ID = 121846)
1:01 PM: d_icons_buttons_3000.res (ID = 121824)
1:01 PM: country.exe (ID = 121818)
1:01 PM: d_icons_weather.res (ID = 121840)
1:01 PM: d_icons_buttons_3000.xip (ID = 114353)
1:01 PM: country.exe (ID = 121818)
1:01 PM: country.xip (ID = 121857)
1:01 PM: country.xip (ID = 121857)
1:01 PM: country.exe (ID = 121818)
1:01 PM: d_icons_weather.res (ID = 121840)
1:01 PM: country.exe (ID = 121818)
1:01 PM: d_icons_weather.res (ID = 121840)
1:02 PM: country.exe (ID = 121818)
1:02 PM: dbenderc.dll (ID = 62276)
1:02 PM: country.exe (ID = 121818)
1:02 PM: country.xip (ID = 121857)
1:02 PM: icons2.xip (ID = 121862)
1:02 PM: d_icons_buttons_3000.xip (ID = 114353)
1:02 PM: default_hotbarcom.mnu (ID = 121820)
1:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:02 PM: d_icons_weather.xip (ID = 121860)
1:02 PM: tsd_bg.xip (ID = 62383)
1:02 PM: t2_bg.xip (ID = 121869)
1:02 PM: country.xip (ID = 121857)
1:02 PM: d_icons_buttons_bbar1.xip (ID = 114354)
1:02 PM: d_icons_weather.xip (ID = 121860)
1:02 PM: d_icons_buttons_1000.res (ID = 121822)
1:02 PM: tsd_bg.xip (ID = 62383)
1:02 PM: t2_bg.xip (ID = 121869)
1:02 PM: d_icons_buttons_1000.xip (ID = 114339)
1:02 PM: icons2.res (ID = 121846)
1:02 PM: tsd_bg.res (ID = 62382)
1:02 PM: t2_bg.res (ID = 121851)
1:02 PM: progress.res (ID = 62367)
1:02 PM: d_icons_buttons_bbar1.res (ID = 121825)
1:02 PM: default_hotbarcom.mnu (ID = 121820)
1:02 PM: d_icons_buttons_bbar1.res (ID = 121825)
1:02 PM: d_icons_buttons_bbar1.xip (ID = 114354)
1:02 PM: d_icons_buttons_3000.res (ID = 121824)
1:02 PM: tsd_bg.res (ID = 62382)
1:03 PM: tsd_bg.res (ID = 62382)
1:03 PM: t2_bg.res (ID = 121851)
1:03 PM: progress.res (ID = 62367)
1:03 PM: default_hotbarcom.mnu (ID = 121820)
1:03 PM: Found Adware: navexcel navhelper
1:03 PM: nhelper.htm (ID = 70374)
1:03 PM: d_icons_buttons_1000.res (ID = 121822)
1:03 PM: t2_bg.res (ID = 121851)
1:03 PM: d_icons_buttons_2000.res (ID = 121823)
1:03 PM: progress.res (ID = 62367)
1:03 PM: d_icons_buttons_1000.res (ID = 121822)
1:03 PM: d_icons_buttons_2000.xip (ID = 114390)
1:03 PM: default_hotbarcom.mnu (ID = 121820)
1:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:03 PM: d_icons_buttons_1000.res (ID = 121822)
1:03 PM: d_icons_buttons_3000.res (ID = 121824)
1:03 PM: d_icons_buttons_2000.res (ID = 121823)
1:03 PM: d_icons_buttons_1000.res (ID = 121822)
1:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:04 PM: d_icons_buttons_2000.res (ID = 121823)
1:04 PM: d_icons_buttons_1000.res (ID = 121822)
1:04 PM: d_icons_buttons_1000.res (ID = 121822)
1:04 PM: oqkwc.dll (ID = 78253)
1:04 PM: vocabulary (ID = 78283)
1:04 PM: class-barrel (ID = 78229)
1:04 PM: icons2.res (ID = 121846)
1:04 PM: icons2.res (ID = 121846)
1:04 PM: icons2.res (ID = 121846)
1:04 PM: t2_bg.res (ID = 121851)
1:04 PM: d_icons_weather.res (ID = 121840)
1:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:05 PM: Found Adware: gain-supported software
1:05 PM: hdplugin1101.inf (ID = 122623)
1:05 PM: d_icons_buttons_2000.xip (ID = 114390)
1:05 PM: Found Adware: apropos
1:05 PM: wingenerics.dll (ID = 50187)
1:05 PM: d_icons_buttons_2000.res (ID = 121823)
1:05 PM: d_icons_buttons_2000.res (ID = 121823)
1:05 PM: d_icons_weather.xip (ID = 121860)
1:05 PM: tsd_bg.xip (ID = 62383)
1:05 PM: t2_bg.xip (ID = 121869)
1:05 PM: d_icons_buttons_bbar1.xip (ID = 114354)
1:06 PM: d_icons_buttons_2000.xip (ID = 114390)
1:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:06 PM: d_icons_buttons_3000.res (ID = 121824)
1:06 PM: d_icons_buttons_bbar1.res (ID = 121825)
1:06 PM: d_icons_buttons_1000.xip (ID = 114339)
1:06 PM: d_icons_buttons_1000.res (ID = 121822)
1:06 PM: d_icons_buttons_2000.res (ID = 121823)
1:06 PM: d_icons_buttons_3000.res (ID = 121824)
1:06 PM: d_icons_weather.res (ID = 121840)
1:06 PM: tsd_bg.res (ID = 62382)
1:06 PM: t2_bg.res (ID = 121851)
1:06 PM: progress.res (ID = 62367)
1:06 PM: d_icons_buttons_bbar1.res (ID = 121825)
1:07 PM: country.exe (ID = 121818)
1:07 PM: icons2.res (ID = 121846)
1:07 PM: default_hotbarcom.mnu (ID = 121820)
1:07 PM: tsd_bg.res (ID = 62382)
1:07 PM: d_icons_buttons_2000.res (ID = 121823)
1:07 PM: d_icons_weather.xip (ID = 121860)
1:07 PM: tsd_bg.xip (ID = 62383)
1:07 PM: t2_bg.xip (ID = 121869)
1:07 PM: d_icons_buttons_bbar1.xip (ID = 114354)
1:07 PM: icons2.xip (ID = 121862)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: linkpathlegal.xip (ID = 121866)
1:07 PM: d_icons_buttons_logos.xip (ID = 62296)
1:07 PM: d_icons_buttons_other.xip (ID = 62296)
1:07 PM: progress.xip (ID = 62368)
1:07 PM: d_icons_buttons_bar.xip (ID = 62296)
1:07 PM: business_promo.xip (ID = 121856)
1:07 PM: hotbar_promo.xip (ID = 114346)
1:07 PM: ads.xip (ID = 121855)
1:07 PM: hotbar-premium.xip (ID = 114359)
1:07 PM: linkpathlegal.xip (ID = 121866)
1:07 PM: d_icons_buttons_logos.xip (ID = 62296)
1:07 PM: d_icons_buttons_other.xip (ID = 62296)
1:07 PM: progress.xip (ID = 62368)
1:07 PM: d_icons_buttons_bar.xip (ID = 62296)
1:07 PM: business_promo.xip (ID = 121856)
1:07 PM: hotbar_promo.xip (ID = 114346)
1:07 PM: ads.xip (ID = 121855)
1:07 PM: hotbar-premium.xip (ID = 114359)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: linkpathlegal.xip (ID = 121866)
1:07 PM: d_icons_buttons_logos.xip (ID = 62296)
1:07 PM: d_icons_buttons_other.xip (ID = 62296)
1:07 PM: progress.xip (ID = 62368)
1:07 PM: d_icons_buttons_bar.xip (ID = 62296)
1:07 PM: business_promo.xip (ID = 121856)
1:07 PM: hotbar_promo.xip (ID = 114346)
1:07 PM: ads.xip (ID = 121855)
1:07 PM: hotbar-premium.xip (ID = 114359)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: linkpathlegal.xip (ID = 121866)
1:07 PM: d_icons_buttons_logos.xip (ID = 62296)
1:07 PM: d_icons_buttons_other.xip (ID = 62296)
1:07 PM: progress.xip (ID = 62368)
1:07 PM: d_icons_buttons_bar.xip (ID = 62296)
1:07 PM: business_promo.xip (ID = 121856)
1:07 PM: hotbar_promo.xip (ID = 114346)
1:07 PM: ads.xip (ID = 121855)
1:07 PM: hotbar-premium.xip (ID = 114359)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: linkpathlegal.txt (ID = 121849)
1:07 PM: d_icons_buttons_logos.res (ID = 62295)
1:07 PM: d_icons_buttons_other.res (ID = 62295)
1:07 PM: d_icons_buttons_bar.res (ID = 62295)
1:07 PM: default_mails.mnu (ID = 121821)
1:07 PM: email-def-511724-9595.mnu (ID = 121842)
1:07 PM: email-def-511724-548964.mnu (ID = 121841)
1:07 PM: ads.cdf (ID = 121815)
1:07 PM: hotbar-premium.cdf (ID = 121845)
1:07 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
1:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:07 PM: File Sweep Complete, Elapsed Time: 00:08:06
1:07 PM: Full Sweep has completed. Elapsed time 00:11:39
1:07 PM: Traces Found: 3803
1:08 PM: Removal process initiated
1:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:09 PM: Quarantining All Traces: 180search assistant/zango
1:09 PM: Quarantining All Traces: apropos
1:09 PM: apropos is in use. It will be removed on reboot.
1:09 PM: wingenerics.dll is in use. It will be removed on reboot.
1:09 PM: Quarantining All Traces: coolwebsearch (cws)
1:09 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
1:09 PM: Quarantining All Traces: gain-supported software
1:09 PM: Quarantining All Traces: hotbar
1:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
1:11 PM: Quarantining All Traces: icannnews
1:11 PM: icannnews is in use. It will be removed on reboot.
1:11 PM: C:\WINNT\system32\ir22l5fo1.dll is in use. It will be removed on reboot.
1:11 PM: C:\WINNT\system32\guard.tmp is in use. It will be removed on reboot.
1:11 PM: Quarantining All Traces: instafinder
1:11 PM: Quarantining All Traces: navexcel navhelper
1:11 PM: Quarantining All Traces: rx toolbar
1:11 PM: Quarantining All Traces: screensavers
1:11 PM: Quarantining All Traces: starware toolbar
1:11 PM: Quarantining All Traces: targetsaver
1:11 PM: Quarantining All Traces: winad
1:11 PM: Quarantining All Traces: 2o7.net cookie
1:11 PM: Quarantining All Traces: 888 cookie
1:11 PM: Quarantining All Traces: abcsearch cookie
1:11 PM: Quarantining All Traces: addynamix cookie
1:11 PM: Quarantining All Traces: adecn cookie
1:11 PM: Quarantining All Traces: adknowledge cookie
1:11 PM: Quarantining All Traces: adserver cookie
1:11 PM: Quarantining All Traces: apmebf cookie
1:11 PM: Quarantining All Traces: ask cookie
1:11 PM: Quarantining All Traces: azjmp cookie
1:11 PM: Quarantining All Traces: belnk cookie
1:11 PM: Quarantining All Traces: burstbeacon cookie
1:11 PM: Quarantining All Traces: burstnet cookie
1:11 PM: Quarantining All Traces: casalemedia cookie
1:11 PM: Quarantining All Traces: cc214142 cookie
1:11 PM: Quarantining All Traces: centrport net cookie
1:11 PM: Quarantining All Traces: clickandtrack cookie
1:11 PM: Quarantining All Traces: exitexchange cookie
1:11 PM: Quarantining All Traces: falkag cookie
1:11 PM: Quarantining All Traces: gostats cookie
1:11 PM: Quarantining All Traces: hbmediapro cookie
1:11 PM: Quarantining All Traces: kmpads cookie
1:11 PM: Quarantining All Traces: maxserving cookie
1:11 PM: Quarantining All Traces: military cookie
1:11 PM: Quarantining All Traces: nextag cookie
1:11 PM: Quarantining All Traces: overture cookie
1:11 PM: Quarantining All Traces: partypoker cookie
1:11 PM: Quarantining All Traces: pointroll cookie
1:11 PM: Quarantining All Traces: qksrv cookie
1:11 PM: Quarantining All Traces: questionmarket cookie
1:11 PM: Quarantining All Traces: realmedia cookie
1:11 PM: Quarantining All Traces: reliablestats cookie
1:11 PM: Quarantining All Traces: reunion cookie
1:11 PM: Quarantining All Traces: revenue.net cookie
1:11 PM: Quarantining All Traces: rn11 cookie
1:11 PM: Quarantining All Traces: ru4 cookie
1:11 PM: Quarantining All Traces: screensavers.com cookie
1:11 PM: Quarantining All Traces: serving-sys cookie
1:11 PM: Quarantining All Traces: specificclick.com cookie
1:11 PM: Quarantining All Traces: starware.com cookie
1:11 PM: Quarantining All Traces: statcounter cookie
1:11 PM: Quarantining All Traces: tickle cookie
1:11 PM: Quarantining All Traces: trafficmp cookie
1:11 PM: Quarantining All Traces: tribalfusion cookie
1:11 PM: Quarantining All Traces: upspiral cookie
1:11 PM: Quarantining All Traces: videodome cookie
1:11 PM: Quarantining All Traces: websponsors cookie
1:11 PM: Quarantining All Traces: xiti cookie
1:11 PM: Quarantining All Traces: yadro cookie
1:11 PM: Quarantining All Traces: yieldmanager cookie
1:11 PM: Quarantining All Traces: zedo cookie
1:11 PM: Warning: Launched explorer.exe
1:11 PM: Warning: Quarantine process could not restart Explorer.
1:12 PM: Removal process completed. Elapsed time 00:04:18
********
12:55 PM: | Start of Session, Tuesday, November 15, 2005 |
12:55 PM: Spy Sweeper started
12:55 PM: Messenger service has been disabled.
12:55 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
12:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:56 PM: | End of Session, Tuesday, November 15, 2005 |

Thank you soooo much!!!

#4 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 15 November 2005 - 03:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:21:08 PM, on 11/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\SYSTEM32\USRshutA.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\UAService7.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USRpdA] C:\WINNT\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: DateTime - C:\WINNT\system32\mgl_mtf.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TTdOQ0RQUk8\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:19 AM

Posted 15 November 2005 - 03:32 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#6 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 15 November 2005 - 10:43 PM

Here is a fresh HijackThis Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:49 PM, on 11/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINNT\SYSTEM32\USRshutA.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\UAService7.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USRpdA] C:\WINNT\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\fp6s03j7e.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TTdOQ0RQUk8\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

...and my log.txt file for aproposfix:

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\M7NCDPRO\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C6XT3A2nhkm5]
@="orgDDC2OPPOPPQPyDpMH:dIOPPOeRPykppvPuMGH2AVUP1F6J2FGPDFC1:CC8QGMG"
"Device"="\\\\.\\WpNytbBu"
"DriverPath"="C:\\WINNT\\System32\\drivers\\prodbook.sys"
"DriverName"="MPEppoe"
"HideUninstallerName"="C:\\Program Files\\Zonports\\dpsicwmi.exe"
"HDll"="C:\\WINNT\\System32\\cmsrec32.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.LAV"
"InstallationId"="{Xac2ee94-5194-634b-1191-7b846ad52dd4}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Zonports\\msenetbs.exe"
"AutoUpdater"="C:\\WINNT\\System32\\cald3d9.exe"
"Version"="2.0.106"
"LastAURestoreMsgTS"="2005:11:15-16:15:10:514"

************

Removing hidden service:
Service MPEppoe removed.

Removing hidden folder:
Deletion of folder Zonports succeeded!

Deleting files:

Deletion of file C:\WINNT\System32\drivers\prodbook.sys succeeded!
Deletion of file C:\WINNT\System32\cald3d9.exe succeeded!
Deletion of file C:\WINNT\System32\cmsrec32.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C6XT3A2nhkm5]
[-HKEY_LOCAL_MACHINE\Software\C6XT3A2nhkm5]

Done!

Finished!

~Thank you!! :thumbsup:

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:19 AM

Posted 16 November 2005 - 12:13 PM

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#8 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 16 November 2005 - 12:39 PM

Here is my l2mfix logfile:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\ktjml7111.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{9A6A0B96-2D4C-E0D2-37EE-13658C9DFEE5}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{0DF49261-F891-4A12-9092-EC3566EADCCC}"="PixVuePropertySheet Class"
"{E376AE75-7C59-4487-B40C-082CCBB4ABDE}"="PixVueContextMenu Class"
"{F36B4023-B4F2-4C40-9CDC-0E1B0C66F1FC}"="PixVueInfoTip Class"
"{5D2257E7-CCBF-496F-A579-0E5625E2E15B}"="PixVueColumnProvider Class"
"{89434BB7-16EA-4562-8372-5AD47F18F97B}"="PixVueNamespace Class"
"{0117FFFB-91FD-414E-AC34-A00531032006}"="PixVueShellIconOverlayIdentifier Class"
"{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}"="PixVueExifShellIconOverlayIdentifier Class"
"{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}"="PixVueXmpShellIconOverlayIdentifier Class"
"{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}"="PixVueIptcShellIconOverlayIdentifier Class"
"{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}"="PixVueExifXmpShellIconOverlayIdentifier Class"
"{E3F36090-0540-418f-8136-074D5B255B59}"="PixVueExifIptcShellIconOverlayIdentifier Class"
"{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}"="PixVueExifBothShellIconOverlayIdentifier Class"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}"="ShellPlusContextMenu"
"{EAEBA95C-C8B9-4261-8AEA-F9F940D6493D}"=""
"{48B265C2-4576-491F-B427-2117DFDFF0E0}"=""
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{AEA1A5B2-6801-4141-92E7-655CDFEEFD76}"=""
"{DF4348F1-0206-4E8E-83FB-A4973FF01E1E}"=""
"{EFE30616-925B-4A97-A49B-81431C342838}"=""
"{5759250D-6A54-4708-8DC7-4FE84F6B49BD}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{4C268739-59D9-4105-BA32-C03B54212DD5}"=""
"{17138FE6-813B-4414-B570-2F0CB2F0A34F}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{07C18F6D-0D65-4F0E-BBA6-19CCCC479DF9}"=""
"{ECCD9232-E6EF-4AFE-B7F4-BDB2F3FEED64}"=""
"{33E628CB-7C9E-4093-A1DD-C246CE9A3DF1}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EAEBA95C-C8B9-4261-8AEA-F9F940D6493D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EAEBA95C-C8B9-4261-8AEA-F9F940D6493D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EAEBA95C-C8B9-4261-8AEA-F9F940D6493D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EAEBA95C-C8B9-4261-8AEA-F9F940D6493D}\InprocServer32]
@="C:\\WINNT\\system32\\nxlanui2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AEA1A5B2-6801-4141-92E7-655CDFEEFD76}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AEA1A5B2-6801-4141-92E7-655CDFEEFD76}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AEA1A5B2-6801-4141-92E7-655CDFEEFD76}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AEA1A5B2-6801-4141-92E7-655CDFEEFD76}\InprocServer32]
@="C:\\WINNT\\system32\\saim.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DF4348F1-0206-4E8E-83FB-A4973FF01E1E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DF4348F1-0206-4E8E-83FB-A4973FF01E1E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DF4348F1-0206-4E8E-83FB-A4973FF01E1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DF4348F1-0206-4E8E-83FB-A4973FF01E1E}\InprocServer32]
@="C:\\WINNT\\system32\\cimpstui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5759250D-6A54-4708-8DC7-4FE84F6B49BD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5759250D-6A54-4708-8DC7-4FE84F6B49BD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5759250D-6A54-4708-8DC7-4FE84F6B49BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5759250D-6A54-4708-8DC7-4FE84F6B49BD}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{07C18F6D-0D65-4F0E-BBA6-19CCCC479DF9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07C18F6D-0D65-4F0E-BBA6-19CCCC479DF9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07C18F6D-0D65-4F0E-BBA6-19CCCC479DF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{07C18F6D-0D65-4F0E-BBA6-19CCCC479DF9}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ECCD9232-E6EF-4AFE-B7F4-BDB2F3FEED64}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECCD9232-E6EF-4AFE-B7F4-BDB2F3FEED64}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECCD9232-E6EF-4AFE-B7F4-BDB2F3FEED64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ECCD9232-E6EF-4AFE-B7F4-BDB2F3FEED64}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{33E628CB-7C9E-4093-A1DD-C246CE9A3DF1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33E628CB-7C9E-4093-A1DD-C246CE9A3DF1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33E628CB-7C9E-4093-A1DD-C246CE9A3DF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33E628CB-7C9E-4093-A1DD-C246CE9A3DF1}\InprocServer32]
@="C:\\WINNT\\system32\\ipetpp.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
atmtd.dll Mon Nov 7 2005 1:35:08p A.... 687,592 671.48 K
cycdll.dll Mon Nov 14 2005 8:34:24a ..S.R 234,244 228.75 K
dnn801~1.dll Wed Nov 16 2005 7:31:34a ..S.R 233,673 228.20 K
e4jm0e~1.dll Tue Nov 15 2005 9:14:40a ..S.R 235,583 230.06 K
ennol1~1.dll Mon Nov 14 2005 8:34:24a ..S.R 235,595 230.07 K
h4j4le~1.dll Sat Nov 12 2005 5:05:12p ..S.R 237,240 231.68 K
ipetpp.dll Wed Nov 16 2005 7:59:54a ..S.R 237,039 231.48 K
irl8l5~1.dll Tue Nov 15 2005 1:20:00p ..S.R 237,304 231.74 K
islzma.dll Fri Oct 21 2005 3:50:14p A.... 102,912 100.50 K
ktjml7~1.dll Tue Nov 15 2005 8:31:00p ..S.R 237,039 231.48 K
m4nq0e~1.dll Mon Nov 14 2005 4:55:30p ..S.R 234,244 228.75 K
mrdocs.dll Tue Nov 15 2005 8:25:00p ..S.R 237,039 231.48 K
p2r4lc~1.dll Wed Nov 16 2005 7:59:52a ..S.R 233,994 228.51 K
pncrt.dll Fri Oct 21 2005 4:57:26p A.... 278,528 272.00 K
pndx5016.dll Fri Oct 21 2005 4:57:28p A.... 6,656 6.50 K
pndx5032.dll Fri Oct 21 2005 4:57:28p A.... 5,632 5.50 K
qdgr.dll Tue Nov 15 2005 6:33:56p ..S.R 237,039 231.48 K
rewire.dll Sat Sep 17 2005 3:26:38p A.... 225,280 220.00 K
rexsha~1.dll Sat Sep 17 2005 3:26:38p A.... 233,472 228.00 K
rmoc3260.dll Fri Oct 21 2005 4:57:34p A.... 176,167 172.04 K
rysmxs.dll Tue Nov 15 2005 1:20:00p ..S.R 235,469 229.95 K
sbrrun.dll Tue Nov 15 2005 9:09:46a ..S.R 235,469 229.95 K
t8r8li~1.dll Tue Nov 15 2005 6:33:56p ..S.R 234,197 228.71 K
ucrfaxa.dll Mon Nov 14 2005 4:54:30p ..S.R 234,244 228.75 K
vsdata.dll Mon Aug 29 2005 7:08:34p A.... 83,712 81.75 K
vsinit.dll Mon Aug 29 2005 7:08:46p A.... 141,056 137.75 K
vsmonapi.dll Mon Aug 29 2005 7:08:54p A.... 104,192 101.75 K
vspubapi.dll Mon Aug 29 2005 7:08:58p A.... 227,072 221.75 K
vsregexp.dll Mon Aug 29 2005 7:09:02p A.... 71,424 69.75 K
vsutil.dll Mon Aug 29 2005 7:09:14p A.... 382,720 373.75 K
vsxml.dll Mon Aug 29 2005 7:09:22p A.... 100,096 97.75 K
wrlogo~1.dll Mon Oct 24 2005 12:19:50p A.... 492,544 481.00 K
wrlzma.dll Mon Oct 24 2005 12:19:46p A.... 17,920 17.50 K
zlcomm.dll Mon Aug 29 2005 7:09:42p A.... 79,616 77.75 K
zlcommdb.dll Mon Aug 29 2005 7:09:46p A.... 71,424 69.75 K

35 items found: 35 files (16 H/S), 0 directories.
Total of file sizes: 7,257,427 bytes 6.92 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is E055-8E9B

Directory of C:\WINNT\System32

11/16/2005 07:59 AM 237,039 ipetpp.dll
11/16/2005 07:59 AM 233,994 p2r4lc9q1f.dll
11/16/2005 07:31 AM 233,673 dnn8015ue.dll
11/15/2005 08:30 PM 237,039 ktjml7111.dll
11/15/2005 08:24 PM 237,039 mrdocs.dll
11/15/2005 06:33 PM 237,039 qdgr.dll
11/15/2005 06:33 PM 234,197 t8r8li9u18.dll
11/15/2005 01:19 PM 235,469 rYsmxs.dll
11/15/2005 01:19 PM 237,304 irl8l53u1.dll
11/15/2005 09:14 AM 235,583 e4jm0e11eh.dll
11/15/2005 09:09 AM 235,469 sbrrun.dll
11/14/2005 04:55 PM 234,244 m4nq0e55eh.dll
11/14/2005 04:54 PM 234,244 ucrfaxa.dll
11/14/2005 10:39 AM <DIR> dllcache
11/14/2005 08:34 AM 234,244 cycdll.dll
11/14/2005 08:34 AM 235,595 ennol1531.dll
11/12/2005 05:05 PM 237,240 h4j4le1q1h.dll
16 File(s) 3,769,412 bytes
1 Dir(s) 32,955,740,160 bytes free

:thumbsup:

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:19 AM

Posted 16 November 2005 - 12:42 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Note : Once the pc has restarted if a log does not appear or the icons didn't dissappear, run the "second.bat" located inside the L2mfix folder.

#10 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 16 November 2005 - 01:11 PM

David,
I rebooted and nothing happened, so I ran second.bat - icons disappeared, and the shell mentioned something about having "completed first & second pass." Then the shell disappeared, along with the icons, and I waited for like 6-7 minutes with nothing on the screen except for the internet which couldn't find the server. I again rebooted, and things returned to normal...but without any notepad log.

Edited by DrWatson, 16 November 2005 - 01:13 PM.


#11 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 17 November 2005 - 11:56 AM

Here is my HijackThis Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:54:49 AM, on 11/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\UAService7.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINNT\SYSTEM32\USRshutA.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.byu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USRpdA] C:\WINNT\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\e2200cfmef2a0.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TTdOQ0RQUk8\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#12 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:19 AM

Posted 17 November 2005 - 01:41 PM

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck.
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful") Posted Image
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :thumbsup:
David

#13 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 18 November 2005 - 12:53 AM

Ewido Logfile:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:49:45 PM, 11/17/2005
+ Report-Checksum: FFAB7DF

+ Scan result:

HKU\S-1-5-21-1644491937-2139871995-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-1644491937-2139871995-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1644491937-2139871995-725345543-1004\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1644491937-2139871995-725345543-1004\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1644491937-2139871995-725345543-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-1644491937-2139871995-725345543-1005\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1644491937-2139871995-725345543-1005\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
[1116] C:\WINNT\system32\dnmasf.dll -> Spyware.Look2Me : Error during cleaning
[1652] C:\WINNT\system32\dnmasf.dll -> Spyware.Look2Me : Error during cleaning
:mozilla.5:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Aaron Krall\Application Data\Mozilla\Firefox\Profiles\4ze46se4.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@e-2dj6wjk4gpajolp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@e-2dj6wjkyalajaho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Aaron Krall\Cookies\aaron krall@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.7:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.8:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.11:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.13:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.80:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.81:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.82:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.83:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.88:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.89:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.105:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\M7NCDPRO\Application Data\Mozilla\Firefox\Profiles\8us07p0l.Amulek\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Cookies\m7ncdpro@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Cookies\m7ncdpro@e-2dj6wfkiapdzkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Cookies\m7ncdpro@e-2dj6wjny-1mdzkg.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Cookies\m7ncdpro@e-2dj6wjnyagc5mkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/cycdll.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/dnn8015ue.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/e4jm0e11eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/ennol1531.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/h4j4le1q1h.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/irl8l53u1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/IYSENG.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/m4nq0e55eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/mrdocs.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/qdgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/rYsmxs.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/sbrrun.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/t8r8li9u18.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\M7NCDPRO\Desktop\Stuff\Shortcuts\l2mfix\backup.zip/ucrfaxa.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Paul Cave\Cookies\paul cave@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Roland Cave\Application Data\Mozilla\Firefox\Profiles\s3orm0d5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@reduxads.valuead[2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Roland Cave\Cookies\roland cave@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINNT\system32\durpsetu.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\hp2023fmg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\ir44l5hq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\irr6l59s1.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mbrd2x40.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\mv8sl9l71.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\ombcp32r.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rvcdll.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\rybdyctl.dll -> Spyware.Look2Me : Cleaned with backup


::Report End

Edited by DrWatson, 18 November 2005 - 12:57 AM.


#14 DrWatson

DrWatson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 18 November 2005 - 12:57 AM

Logfile of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:30 PM, on 11/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\UAService7.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\WINNT\SYSTEM32\USRshutA.exe
C:\WINNT\SYSTEM32\USRmlnkA.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\WINNT\system32\scrnsave.scr
C:\WINNT\system32\NOTEPAD.EXE
C:\unzipped\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
O1 - Hosts: 127.0.0.1 www.igetnet.com
O1 - Hosts: 127.0.0.1 code.ignphrases.com
O1 - Hosts: 127.0.0.1 clear-search.com
O1 - Hosts: 127.0.0.1 r1.clrsch.com
O1 - Hosts: 127.0.0.1 sds.clrsch.com
O1 - Hosts: 127.0.0.1 status.clrsch.com
O1 - Hosts: 127.0.0.1 www.clrsch.com
O1 - Hosts: 127.0.0.1 clr-sch.com
O1 - Hosts: 127.0.0.1 sds-qckads.com
O1 - Hosts: 127.0.0.1 status.qckads.com
O1 - Hosts: 127.0.0.1 www.qoolaid.com
O1 - Hosts: 127.0.0.1 www.qoologic.com
O1 - Hosts: 127.0.0.1 www.CLKPrecision.com
O1 - Hosts: 127.0.0.1 www.urllogic.com
O1 - Hosts: 127.0.0.1 www.clkoptimizer.com
O1 - Hosts: 127.0.0.1 www.isearch.com
O1 - Hosts: 127.0.0.1 isearch.com
O1 - Hosts: 127.0.0.1 www.idownload.com
O1 - Hosts: 127.0.0.1 idownload.com
O1 - Hosts: 127.0.0.1 www.mytotalsearch.com
O1 - Hosts: 127.0.0.1 mytotalsearch.com
O1 - Hosts: 127.0.0.1 www.lop.com
O1 - Hosts: 127.0.0.1 lop.com
O1 - Hosts: 127.0.0.1 www.websearch.com
O1 - Hosts: 127.0.0.1 websearch.com
O1 - Hosts: 127.0.0.1 www.page-not-found.net
O1 - Hosts: 127.0.0.1 page-not-found.net
O1 - Hosts: 127.0.0.1 www.isearchhere.com
O1 - Hosts: 127.0.0.1 isearchhere.com
O1 - Hosts: 127.0.0.1 xads.offeroptimizer.comm
O1 - Hosts: 127.0.0.1 search.offeroptimizer.com
O1 - Hosts: 127.0.0.1 ximages.offeroptimizer.com
O1 - Hosts: 127.0.0.1 xlime.offeroptimizer.com
O1 - Hosts: 127.0.0.1 xadsj-o.offeroptimizer.com
O1 - Hosts: 127.0.0.1 xadsj.offeroptimizer.com
O1 - Hosts: 127.0.0.1 www.offeroptimizer.com
O1 - Hosts: 127.0.0.1 as.adwave.com
O1 - Hosts: 127.0.0.1 sr.adwave.com
O1 - Hosts: 127.0.0.1 www.adwave.com
O1 - Hosts: 127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USRpdA] C:\WINNT\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\winrnr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mswsock.dll
O16 - DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...8545.8843402778
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINNT\System32\msvidctl.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\System32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll
O20 - Winlogon Notify: ThemeManager - C:\WINNT\system32\s288lclu1fq8.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\System32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\System32\stobject.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\SHELL32.dll
O23 - Service: Alerter - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Application Layer Gateway Service (ALG) - Microsoft Corporation - C:\WINNT\System32\alg.exe
O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Computer Browser (Browser) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Indexing Service (cisvc) - Microsoft Corporation - C:\WINNT\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - Microsoft Corporation - C:\WINNT\system32\clipsrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TTdOQ0RQUk8\command.exe (file missing)
O23 - Service: COM+ System Application (COMSysApp) - Microsoft Corporation - C:\WINNT\System32\dllhost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Cryptographic Services (CryptSvc) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINNT\System32\dmadmin.exe
O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Error Reporting Service (ERSvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Fax - Microsoft Corporation - C:\WINNT\system32\fxssvc.exe
O23 - Service: Help and Support (helpsvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINNT\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Messenger - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Microsoft Corporation - C:\WINNT\System32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINNT\System32\msiexec.exe
O23 - Service: Network DDE (NetDDE) - Microsoft Corporation - C:\WINNT\system32\netdde.exe
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Microsoft Corporation - C:\WINNT\system32\netdde.exe
O23 - Service: Net Logon (Netlogon) - Microsoft Corporation - C:\WINNT\System32\lsass.exe
O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Microsoft Corporation - C:\WINNT\System32\lsass.exe
O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINNT\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) - Microsoft Corporation - C:\WINNT\System32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - Microsoft Corporation - C:\WINNT\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINNT\system32\sessmgr.exe
O23 - Service: Remote Registry (RemoteRegistry) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Microsoft Corporation - C:\WINNT\System32\locator.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - Microsoft Corporation - C:\WINNT\System32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - Microsoft Corporation - C:\WINNT\system32\lsass.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Smart Card Helper (SCardDrv) - Microsoft Corporation - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINNT\system32\spoolsv.exe
O23 - Service: System Restore Service (srservice) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Microsoft Corporation - C:\WINNT\System32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Terminal Services (TermService) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Themes - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Telnet (TlntSvr) - Microsoft Corporation - C:\WINNT\System32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Microsoft Corporation - C:\WINNT\System32\wdfmgr.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINNT\System32\ups.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\system32\UAService7.exe
O23 - Service: Utility Manager (UtilMan) - Microsoft Corporation - C:\WINNT\System32\UtilMan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINNT\System32\vssvc.exe
O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: WebClient - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Microsoft Corporation - C:\WINNT\System32\svchost.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINNT\System32\wbem\wmiapsrv.exe
O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINNT\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Microsoft Corporation - C:\WINNT\System32\svchost.exe

I love you man!!!

#15 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:19 AM

Posted 19 November 2005 - 08:14 AM

  • Please download hoster from the link below.
    http://www.funkytoad.com/download/hoster.zip
  • Unzip Hoster.zip
  • Open Hoster.exe
  • Then click on "Restore Original Hosts"
  • Close program when complete.
  • Empty Recycle Bin
  • Reboot and "copy/paste" a new log file into this thread, after completing any other instructions given
Download the following file:

http://www.thatcomputerguy.us/downloads/finditnt2000xp.zip

and unzip the contents to a folder. When it has unzipped, open that folder and double click on Find.bat. It will run for a while, so be patient, and then produce a log (ignore any File not found messages on the screen, it should continue anyway).

Please copy and paste that log here.

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users