Problems With Adwarepopuper



#1 doopi


Posted 24 January 2006 - 09:00 PM

Can't get rid of adware pop-ups! I have tried Norton SystemWorks, Ad-Aware and SpySheriff.

SpySheriff detects a "bug" named adware popuper in c:\windows\_msrstrt.exe.

Can I delete that program?


Logfile of HijackThis v1.99.1
Scan saved at 02:33:02, on 25.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\RunDLL32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\PROGRA~1\FELLES~1\kqwu\kqwum.exe
C:\PROGRA~1\FELLES~1\kqwu\kqwua.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [kqwu] C:\PROGRA~1\FELLES~1\kqwu\kqwum.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk546YYNO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Extensions - C:\windows\system32\gp0sl3d71.dll
O21 - SSODL: ws_32 - {D395D8D3-DA13-4408-B75B-D6F474EB6356} - ws_32.dll (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....



#2 MFDnSC


Posted 25 January 2006 - 04:54 PM

SpySheriff itself is malware.

Add/Remove Programs - remove if present: MyWebSearch, SpySheriff

* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and Ewido
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 doopi


Posted 25 January 2006 - 08:35 PM

Can't run ActiveScan, error with the page.

I am still getting a lot of popups (spam).


Logfile of HijackThis v1.99.1
Scan saved at 02:02:41, on 26.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\windows\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\windows\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\RunDLL32.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\windows\notepad.exe
C:\Programfiler\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [kqwu] C:\PROGRA~1\FELLES~1\kqwu\kqwum.exe
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk546YYNO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Paths - C:\windows\system32\ktnql7551.dll
O21 - SSODL: ws_32 - {D395D8D3-DA13-4408-B75B-D6F474EB6356} - ws_32.dll (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by doopi, 25 January 2006 - 08:49 PM.

......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....

#4 MFDnSC


Posted 26 January 2006 - 11:22 AM

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKCU\..\Run: [kqwu] C:\PROGRA~1\FELLES~1\kqwu\kqwum.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk546YYNO

O20 - Winlogon Notify: App Paths - C:\windows\system32\ktnql7551.dll

O21 - SSODL: ws_32 - {D395D8D3-DA13-4408-B75B-D6F474EB6356} - ws_32.dll (file missing)

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Programfiler\Fellesfiler\kqwu
C:\windows\system32\ktnql7551.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

* Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." then do one of the following:

1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.
Do not run the fix portion without fixing the error first.
After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.


Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
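
Added example, not part of any post in this thread: a Python sketch that diffs the two HijackThis logs above to show which autostart entries the first cleanup pass removed, which persisted, and that the O20 Winlogon Notify hook came back under a different DLL name. The function names are this example's own, and the embedded log lines are excerpts copied from the two scans.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (scan of 25.01.2006 first, scan of 26.01.2006 second), trimmed to a few lines.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [kqwu] C:\PROGRA~1\FELLES~1\kqwu\kqwum.exe
O20 - Winlogon Notify: Extensions - C:\windows\system32\gp0sl3d71.dll
O21 - SSODL: ws_32 - {D395D8D3-DA13-4408-B75B-D6F474EB6356} - ws_32.dll (file missing)
"""

LOG_AFTER = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [kqwu] C:\PROGRA~1\FELLES~1\kqwu\kqwum.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: App Paths - C:\windows\system32\ktnql7551.dll
O21 - SSODL: ws_32 - {D395D8D3-DA13-4408-B75B-D6F474EB6356} - ws_32.dll (file missing)
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O20 details are "Winlogon Notify: <subkey name> - <DLL path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>.+?) - (?P<dll>.+)$")


def parse_entries(log_text):
    """Return the set of (section code, details) pairs found in a log.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added or persisting between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "persisting": sorted(before & after),
    }


def notify_dlls(log_text):
    """Return the set of DLL paths registered under O20 Winlogon Notify."""
    dlls = set()
    for code, body in parse_entries(log_text):
        m = NOTIFY_RE.match(body) if code == "O20" else None
        if m:
            dlls.add(m.group("dll"))
    return dlls


def rotated_notify(before_text, after_text):
    """Detect a Notify hook that vanished under one name and reappeared under another.

    Returns (gone, fresh). Both lists are empty unless at least one DLL
    disappeared AND at least one new DLL appeared between the scans.
    """
    old, new = notify_dlls(before_text), notify_dlls(after_text)
    gone, fresh = sorted(old - new), sorted(new - old)
    return (gone, fresh) if gone and fresh else ([], [])


def missing_targets(log_text):
    """Entries whose target HijackThis marked '(file missing)': orphaned references."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith("(file missing)"))


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added", "persisting"):
        print(label.upper())
        for code, body in result[label]:
            print(f"  {code} - {body}")
    gone, fresh = rotated_notify(LOG_BEFORE, LOG_AFTER)
    if gone:
        print("Winlogon Notify DLL changed name between scans:", gone, "->", fresh)
    print("Orphaned entries:", missing_targets(LOG_AFTER))
```

A Notify DLL that changes name between scans is why the fix list has to be built from the most recent log: the filename from the earlier scan no longer identifies the hook.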

#5 doopi


Posted 26 January 2006 - 05:53 PM

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\windows\\system32\\en0ol1d31.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6AC5B5AC-A4F4-86E1-ECBD-31AE7E1D9954}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskapsside for multimediefil"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM skannerbehandling"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-sikkerhetsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskapsside for OLE DOC-fil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Skallutvidelse for deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermtype"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-sikkerhetsside"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Diskkopieringsutvidelse"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Skallutvidelser for Microsoft Windows-nettverksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM skjermbehandling"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM skriverbehandling"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Skallutvidelser for filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Skallutvidelse for Web-skriver"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Hurtigmeny for kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Koffert"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Ikonutvidelse for HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Skrifter"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Skriversikkerhetsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Skallutvidelse for deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-utvidelse"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign-utvidelse"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Nettverkstilkoblinger"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Nettverkstilkoblinger"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Skallutvidelser for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-datakobling"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte oppgaver"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Oppgavelinje og Start-meny"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Søk"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og støtte"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og støtte"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kjør..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internett"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-post"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative verktøy"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Egenskapsside for tidligere versjoner"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Tidligere versjoner"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internett-verktøylinje"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Nedlastingsstatus"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="Båndproxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft-tjeneste for tidligere URL-adresser"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Logg"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft-binding for URL-s›k"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbilde for Internet Explorer 4.0"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internett"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-b†nd"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Mappe for ActiveX-hurtigbuffer"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonnementsmappe"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Behandling av skallprogrammer"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerator for installerte programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin Programpubliserer"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Uttrekking av miniatyrbilder i GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Behandling av informasjon om miniatyrbilder"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Uttrekking av HTML-miniatyrbilder"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Veiviser for Web-publisering"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestille utskrifter via Weben"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Veiviserobjekt for skallpublisering"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="F† en passport-veiviser"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brukerkontoer"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanalsnarvei"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanalbehandlingsobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappe for Frakoblede filer"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Etter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-mapper"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Popup Info"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug and Play-enheter"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{043308A2-3CF7-4ED5-A668-2B4FB0BD307A}"="dBpowerAMP dAP Scripting"
"{2E74A677-EB7F-4AF0-9C7C-461502C25C93}"=""
"{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}"=""
"{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}"=""
"{C078CF16-B630-4D70-8D35-BEB98008DDDA}"=""
"{EC85E583-9486-4CD3-9FC3-DA47CED00835}"=""
"{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}"=""
"{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}\InprocServer32]
@="C:\\windows\\system32\\oeepro32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}\InprocServer32]
@="C:\\windows\\system32\\pdrfproc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}\InprocServer32]
@="C:\\windows\\system32\\jpaw400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}\InprocServer32]
@="C:\\windows\\system32\\wphisn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}\InprocServer32]
@="C:\\windows\\system32\\mqdimap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}\InprocServer32]
@="C:\\windows\\system32\\amicap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}\InprocServer32]
@="C:\\windows\\system32\\mniqtz32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
amicap.dll Thu 26 Jan 2006 23:01:46 ..S.R 235 816 230,29 K
avisynth.dll Thu 3 Nov 2005 3:22:04 A.... 196 608 192,00 K
browseui.dll Thu 24 Nov 2005 1:39:22 A.... 1 022 464 998,50 K
danim.dll Sat 5 Nov 2005 4:20:34 A.... 1 054 720 1,00 M
divxc32.dll Thu 3 Nov 2005 3:21:40 A.... 414 272 404,56 K
divxc32f.dll Thu 3 Nov 2005 3:21:40 A.... 414 272 404,56 K
en0ol1~1.dll Thu 26 Jan 2006 23:05:22 ..S.R 236 982 231,43 K
gdi32.dll Thu 29 Dec 2005 3:56:08 A.... 280 064 273,50 K
huffyuv.dll Thu 3 Nov 2005 3:21:30 A.... 33 280 32,50 K
jpaw400.dll Thu 26 Jan 2006 1:33:48 ..S.R 235 181 229,67 K
jtjs07~1.dll Thu 26 Jan 2006 23:27:16 ..S.R 234 201 228,71 K
legitc~1.dll Wed 9 Nov 2005 11:30:32 ..... 534 280 521,76 K
mmiole32.dll Thu 26 Jan 2006 23:04:44 ..S.R 236 121 230,59 K
mniqtz32.dll Thu 26 Jan 2006 23:39:28 ..S.R 236 982 231,43 K
mqdimap.dll Thu 26 Jan 2006 22:30:06 ..S.R 235 816 230,29 K
mshtml.dll Thu 24 Nov 2005 1:39:24 A.... 3 013 632 2,87 M
pdrfproc.dll Thu 26 Jan 2006 23:27:08 ..S.R 236 691 231,14 K
s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91 904 89,75 K
shdocvw.dll Thu 1 Dec 2005 4:33:22 A.... 1 492 480 1,42 M
urlmon.dll Sat 5 Nov 2005 4:20:40 A.... 604 160 590,00 K
wbhelp2.dll Wed 16 Nov 2005 2:03:26 A.... 50 688 49,50 K
wgalogon.dll Wed 9 Nov 2005 11:30:24 ..... 396 552 387,26 K
wphisn.dll Thu 26 Jan 2006 9:25:46 ..S.R 236 384 230,84 K

23 items found: 23 files (9 H/S), 0 directories.
Total of file sizes: 11 723 550 bytes 11,18 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Thu 26 Jan 2006 23:39:38 A.... 234 245 228,75 K

1 item found: 1 file, 0 directories.
Total of file sizes: 234 245 bytes 228,75 K
**********************************************************************************
Directory Listing of system files:
Volumet i stasjon C er System
Volumserienummeret er 94BD-5298

Innhold i C:\windows\System32

26.01.2006 23:39 236 982 mniqtz32.dll
26.01.2006 23:27 234 201 jtjs0717e.dll
26.01.2006 23:27 236 691 pdrfproc.dll
26.01.2006 23:05 236 982 en0ol1d31.dll
26.01.2006 23:04 236 121 mmiole32.dll
26.01.2006 23:01 235 816 amicap.dll
26.01.2006 22:30 235 816 mqdimap.dll
26.01.2006 09:25 236 384 wphisn.dll
26.01.2006 01:33 235 181 jpaw400.dll
11.01.2006 03:01 <DIR> dllcache
09.10.2004 03:47 <DIR> Microsoft
30.09.1999 18:21 166 672 mstext35.dll
28.09.1999 20:42 1 050 896 msjet35.dll
09.09.1999 21:06 252 688 msexcl35.dll
09.09.1999 21:06 168 720 msltus35.dll
25.08.1999 13:57 415 504 msrepl35.dll
10.06.1999 08:34 123 664 msjint35.dll
10.06.1999 08:34 24 848 msjter35.dll
07.06.1999 17:59 250 128 mspdox35.dll
25.04.1999 16:00 368 912 Vbar332.dll
25.04.1999 16:00 252 176 Msrd2x35.dll
25.04.1999 16:00 287 504 Msxbse35.dll
20 fil(er) 5 485 886 byte
2 mappe(r) 18 173 652 992 byte ledig
......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....

#6 MFDnSC

Posted 26 January 2006 - 06:11 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.


If after the reboot the desktop icons don’t disappear or the log does not pop up then in the l2mfix folder double click the second.bat file to continue with the fix.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 doopi


Posted 27 January 2006 - 11:12 AM

L2mfix 010406
Creating Account.
Kommandoen er fullført.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (164 bytes security) (deflated 63%)






Logfile of HijackThis v1.99.1
Scan saved at 17:07:36, on 27.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\windows\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\system32\slserv.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\windows\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Programfiler\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - C:\windows\system32\hrr2059oe.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe





PS: After I had put this log in, the PC rebooted 3 times on its own. I didn't do anything to make it reboot.

winlogon.exe
Error signature

szAppName : winlogon.exe szAppVer : 0.0.0.0 szModName : hrr2059oe.dll
szModVer : 0.0.0.0 offset : 00013eee

Information in error report

C:\DOCUME~1\TORARN~1\LOKALE~1\Temp\WERa182.dir00\winlogon.exe.mdmp
C:\DOCUME~1\TORARN~1\LOKALE~1\Temp\WERa182.dir00\appcompat.txt

Edited by doopi, 27 January 2006 - 11:33 AM.

......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....

#8 MFDnSC


Posted 27 January 2006 - 11:43 AM

You need to do option 1 and then option 2 again, but it has to be under an account with admin privileges.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 doopi


Posted 27 January 2006 - 12:09 PM

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
"Asynchronous"=dword:00000000
"DllName"="C:\\windows\\system32\\hrr2059oe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6AC5B5AC-A4F4-86E1-ECBD-31AE7E1D9954}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskapsside for multimediefil"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM skannerbehandling"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-sikkerhetsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskapsside for OLE DOC-fil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Skallutvidelse for deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermtype"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-sikkerhetsside"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Diskkopieringsutvidelse"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Skallutvidelser for Microsoft Windows-nettverksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM skjermbehandling"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM skriverbehandling"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Skallutvidelser for filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Skallutvidelse for Web-skriver"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Hurtigmeny for kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Koffert"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Ikonutvidelse for HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Skrifter"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Skriversikkerhetsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Skallutvidelse for deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-utvidelse"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign-utvidelse"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Nettverkstilkoblinger"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Nettverkstilkoblinger"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Skallutvidelser for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-datakobling"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte oppgaver"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Oppgavelinje og Start-meny"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›k"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kj›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internett"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-post"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative verkt›y"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Egenskapsside for tidligere versjoner"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Tidligere versjoner"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internett-verkt›ylinje"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Nedlastingsstatus"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="B†ndproxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft-tjeneste for tidligere URL-adresser"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Logg"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft-binding for URL-s›k"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbilde for Internet Explorer 4.0"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internett"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-b†nd"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Mappe for ActiveX-hurtigbuffer"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonnementsmappe"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Behandling av skallprogrammer"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerator for installerte programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin Programpubliserer"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Uttrekking av miniatyrbilder i GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Behandling av informasjon om miniatyrbilder"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Uttrekking av HTML-miniatyrbilder"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Veiviser for Web-publisering"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestille utskrifter via Weben"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Veiviserobjekt for skallpublisering"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="F† en passport-veiviser"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brukerkontoer"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanalsnarvei"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanalbehandlingsobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappe for Frakoblede filer"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Etter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web-mapper"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Popup Info"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug and Play-enheter"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{043308A2-3CF7-4ED5-A668-2B4FB0BD307A}"="dBpowerAMP dAP Scripting"
"{2E74A677-EB7F-4AF0-9C7C-461502C25C93}"=""
"{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}"=""
"{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}"=""
"{C078CF16-B630-4D70-8D35-BEB98008DDDA}"=""
"{EC85E583-9486-4CD3-9FC3-DA47CED00835}"=""
"{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}"=""
"{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}"=""
"{633187E3-7229-4F19-9EE1-EE3BB1B21421}"=""
"{8CC1CC77-FCB2-4BCF-BB30-8CC95B2A66C8}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E74A677-EB7F-4AF0-9C7C-461502C25C93}\InprocServer32]
@="C:\\windows\\system32\\oeepro32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E8FC8CDB-67AD-41E1-A2CD-78C1C4B5D88A}\InprocServer32]
@="C:\\windows\\system32\\pdrfproc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C67A8BC8-E132-4D54-9D26-A5CCE11512C5}\InprocServer32]
@="C:\\windows\\system32\\jpaw400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C078CF16-B630-4D70-8D35-BEB98008DDDA}\InprocServer32]
@="C:\\windows\\system32\\wphisn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EC85E583-9486-4CD3-9FC3-DA47CED00835}\InprocServer32]
@="C:\\windows\\system32\\mqdimap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4F6C96EF-C0E1-4BB6-848D-A19C7B041D62}\InprocServer32]
@="C:\\windows\\system32\\amicap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABA8AAC5-A2FF-4465-A6BA-849FC9710CF1}\InprocServer32]
@="C:\\windows\\system32\\mniqtz32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{633187E3-7229-4F19-9EE1-EE3BB1B21421}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{633187E3-7229-4F19-9EE1-EE3BB1B21421}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{633187E3-7229-4F19-9EE1-EE3BB1B21421}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{633187E3-7229-4F19-9EE1-EE3BB1B21421}\InprocServer32]
@="C:\\windows\\system32\\mdjetoledb40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8CC1CC77-FCB2-4BCF-BB30-8CC95B2A66C8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8CC1CC77-FCB2-4BCF-BB30-8CC95B2A66C8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8CC1CC77-FCB2-4BCF-BB30-8CC95B2A66C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8CC1CC77-FCB2-4BCF-BB30-8CC95B2A66C8}\InprocServer32]
@="C:\\windows\\system32\\itstFunc.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
amicap.dll Thu 26 Jan 2006 23:01:46 ..S.R 235 816 230,29 K
avisynth.dll Thu 3 Nov 2005 3:22:04 A.... 196 608 192,00 K
browseui.dll Thu 24 Nov 2005 1:39:22 A.... 1 022 464 998,50 K
danim.dll Sat 5 Nov 2005 4:20:34 A.... 1 054 720 1,00 M
divxc32.dll Thu 3 Nov 2005 3:21:40 A.... 414 272 404,56 K
divxc32f.dll Thu 3 Nov 2005 3:21:40 A.... 414 272 404,56 K
dnnu01~1.dll Fri 27 Jan 2006 16:38:46 ..S.R 236 287 230,75 K
dnr001~1.dll Fri 27 Jan 2006 15:28:14 ..S.R 234 614 229,11 K
gdi32.dll Thu 29 Dec 2005 3:56:08 A.... 280 064 273,50 K
gp84l3~1.dll Fri 27 Jan 2006 17:12:14 ..S.R 235 728 230,20 K
gplsl3~1.dll Fri 27 Jan 2006 16:49:36 ..S.R 236 085 230,55 K
hrr205~1.dll Thu 26 Jan 2006 23:39:38 ..S.R 234 245 228,75 K
huffyuv.dll Thu 3 Nov 2005 3:21:30 A.... 33 280 32,50 K
i8060i~1.dll Fri 27 Jan 2006 16:28:34 ..S.R 234 751 229,25 K
itstfunc.dll Fri 27 Jan 2006 18:00:04 ..S.R 234 245 228,75 K
jpaw400.dll Thu 26 Jan 2006 1:33:48 ..S.R 235 181 229,67 K
jtr407~1.dll Fri 27 Jan 2006 17:20:36 ..S.R 234 742 229,24 K
l8l60i~1.dll Fri 27 Jan 2006 17:20:42 ..S.R 234 959 229,45 K
legitc~1.dll Wed 9 Nov 2005 11:30:32 ..... 534 280 521,76 K
mdjeto~1.dll Fri 27 Jan 2006 15:28:02 ..S.R 234 201 228,71 K
mmiole32.dll Thu 26 Jan 2006 23:04:44 ..S.R 236 121 230,59 K
mniqtz32.dll Thu 26 Jan 2006 23:39:28 ..S.R 236 982 231,43 K
mqdimap.dll Thu 26 Jan 2006 22:30:06 ..S.R 235 816 230,29 K
mshtml.dll Thu 24 Nov 2005 1:39:24 A.... 3 013 632 2,87 M
mvl6l9~1.dll Fri 27 Jan 2006 17:04:04 ..S.R 235 884 230,36 K
pdrfproc.dll Thu 26 Jan 2006 23:27:08 ..S.R 236 691 231,14 K
s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91 904 89,75 K
shdocvw.dll Thu 1 Dec 2005 4:33:22 A.... 1 492 480 1,42 M
urlmon.dll Sat 5 Nov 2005 4:20:40 A.... 604 160 590,00 K
wbhelp2.dll Wed 16 Nov 2005 2:03:26 A.... 50 688 49,50 K
wgalogon.dll Wed 9 Nov 2005 11:30:24 ..... 396 552 387,26 K
wphisn.dll Thu 26 Jan 2006 9:25:46 ..S.R 236 384 230,84 K

32 items found: 32 files (18 H/S), 0 directories.
Total of file sizes: 13 838 108 bytes 13,20 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Fri 27 Jan 2006 18:00:08 A.... 236 131 230,59 K

1 item found: 1 file, 0 directories.
Total of file sizes: 236 131 bytes 230,59 K
**********************************************************************************
Directory Listing of system files:
Volumet i stasjon C er System
Volumserienummeret er 94BD-5298

Innhold i C:\windows\System32

27.01.2006 18:00 234 245 itstFunc.dll
27.01.2006 17:20 234 959 l8l60i3se8.dll
27.01.2006 17:20 234 742 jtr4079qe.dll
27.01.2006 17:12 235 728 gp84l3lq1.dll
27.01.2006 17:04 235 884 mvl6l93s1.dll
27.01.2006 16:49 236 085 gplsl3371.dll
27.01.2006 16:38 236 287 dnnu0159e.dll
27.01.2006 16:28 234 751 i8060idse8060.dll
27.01.2006 15:28 234 614 dnr0019me.dll
27.01.2006 15:28 234 201 mdjetoledb40.dll
26.01.2006 23:39 234 245 hrr2059oe.dll
26.01.2006 23:39 236 982 mniqtz32.dll
26.01.2006 23:27 236 691 pdrfproc.dll
26.01.2006 23:04 236 121 mmiole32.dll
26.01.2006 23:01 235 816 amicap.dll
26.01.2006 22:30 235 816 mqdimap.dll
26.01.2006 09:25 236 384 wphisn.dll
26.01.2006 01:33 235 181 jpaw400.dll
11.01.2006 03:01 <DIR> dllcache
09.10.2004 03:47 <DIR> Microsoft
30.09.1999 18:21 166 672 mstext35.dll
28.09.1999 20:42 1 050 896 msjet35.dll
09.09.1999 21:06 252 688 msexcl35.dll
09.09.1999 21:06 168 720 msltus35.dll
25.08.1999 13:57 415 504 msrepl35.dll
10.06.1999 08:34 24 848 msjter35.dll
10.06.1999 08:34 123 664 msjint35.dll
07.06.1999 17:59 250 128 mspdox35.dll
25.04.1999 16:00 368 912 Vbar332.dll
25.04.1999 16:00 252 176 Msrd2x35.dll
25.04.1999 16:00 287 504 Msxbse35.dll
29 fil(er) 7 600 444 byte
2 mappe(r) 18 137 079 808 byte ledig







L2mfix 010406
Creating Account.
Kommandoen er fullført.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (164 bytes security) (deflated 87%)







Logfile of HijackThis v1.99.1
Scan saved at 18:07:55, on 27.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\windows\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Programfiler\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ThemeManager - C:\windows\system32\hrr2059oe.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....

#10 MFDnSC


Posted 27 January 2006 - 02:43 PM

Try this

kill2me - http://www.majorgeeks.com/download4166.html
==================================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.

Edited by MFDnSC, 27 January 2006 - 06:14 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 doopi

Posted 27 January 2006 - 08:22 PM

********
01:26: | Start of Session, 28. januar 2006 |
01:26: Spy Sweeper started
01:26: Sweep initiated using definitions version 606
01:26: Starting Memory Sweep
01:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:28: Memory Sweep Complete, Elapsed Time: 00:02:19
01:28: Starting Registry Sweep
01:28: Found Adware: targetsaver
01:28: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
01:28: Found Adware: topsearch
01:28: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
01:28: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
01:28: Found Adware: winantispyware 2005
01:28: HKCR\checkproduct2.checkproduct\ (5 subtraces) (ID = 527503)
01:28: HKCR\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 527509)
01:28: HKCR\appid\checkproduct2.dll\ (1 subtraces) (ID = 527632)
01:28: HKLM\software\classes\checkproduct2.checkproduct\ (5 subtraces) (ID = 528199)
01:28: HKLM\software\classes\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 528205)
01:28: HKLM\software\classes\appid\checkproduct2.dll\ (1 subtraces) (ID = 528341)
01:28: HKCR\uwfxcheck.uwfxcheck\ (5 subtraces) (ID = 1128629)
01:28: HKCR\uwfxcheck.uwfxcheck.1\ (3 subtraces) (ID = 1128635)
01:28: HKCR\clsid\{9f3d2a3c-d537-482b-a91b-44ee29f09c4b}\ (14 subtraces) (ID = 1128710)
01:28: HKCR\typelib\{25bae2a9-df54-4927-af6f-9963146d11d8}\ (9 subtraces) (ID = 1128851)
01:28: HKLM\software\winfixer 2005\ (ID = 1128907)
01:28: HKLM\software\classes\uwfxcheck.uwfxcheck\ (5 subtraces) (ID = 1129021)
01:28: HKLM\software\classes\uwfxcheck.uwfxcheck.1\ (3 subtraces) (ID = 1129027)
01:28: HKLM\software\classes\clsid\{9f3d2a3c-d537-482b-a91b-44ee29f09c4b}\ (14 subtraces) (ID = 1129102)
01:28: HKLM\software\classes\typelib\{25bae2a9-df54-4927-af6f-9963146d11d8}\ (9 subtraces) (ID = 1129243)
01:28: Found Adware: findthewebsiteyouneed hijack
01:28: HKU\S-1-5-21-2169540865-692371682-1218675897-1006\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
01:28: Found Adware: spywareno! components
01:28: HKU\S-1-5-21-2169540865-692371682-1218675897-1006\software\sno2\ (1 subtraces) (ID = 782236)
01:28: Registry Sweep Complete, Elapsed Time:00:00:12
01:28: Starting Cookie Sweep
01:28: Found Spy Cookie: hbmediapro cookie
01:28: tor arne@adopt.hbmediapro[2].txt (ID = 2768)
01:28: Found Spy Cookie: belnk cookie
01:28: tor arne@dist.belnk[2].txt (ID = 2293)
01:28: Found Spy Cookie: maxserving cookie
01:28: tor arne@maxserving[2].txt (ID = 2966)
01:28: Found Spy Cookie: mywebsearch cookie
01:28: tor arne@mywebsearch[2].txt (ID = 3051)
01:28: Found Spy Cookie: partypoker cookie
01:28: tor arne@partypoker[1].txt (ID = 3111)
01:28: Found Spy Cookie: passion cookie
01:28: tor arne@passion[2].txt (ID = 3113)
01:28: Found Spy Cookie: realmedia cookie
01:28: tor arne@realmedia[1].txt (ID = 3235)
01:28: Found Spy Cookie: seeq cookie
01:28: tor arne@seeq[2].txt (ID = 3331)
01:28: Found Spy Cookie: reliablestats cookie
01:28: tor arne@stats1.reliablestats[2].txt (ID = 3254)
01:28: tor arne@www.seeq[1].txt (ID = 3332)
01:28: Found Spy Cookie: winantiviruspro cookie
01:28: tor arne@www.winantiviruspro[1].txt (ID = 3690)
01:28: tor arne@www48.seeq[1].txt (ID = 3332)
01:28: Found Spy Cookie: yadro cookie
01:28: tor arne@yadro[1].txt (ID = 3743)
01:28: Found Spy Cookie: zedo cookie
01:28: tor arne@zedo[2].txt (ID = 3762)
01:28: Cookie Sweep Complete, Elapsed Time: 00:00:03
01:28: Starting File Sweep
01:29: Found Adware: ist istbar
01:29: a0020396.exe (ID = 185599)
01:29: a0020395.exe (ID = 64496)
01:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:29: a0018810.exe (ID = 185599)
01:30: a0017682.sys (ID = 119187)
01:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:30: Found Adware: coolwebsearch (cws)
01:30: a0022391.exe (ID = 237630)
01:30: a0017705.sys (ID = 119187)
01:31: Found Adware: look2me
01:31: a0027687.exe (ID = 65722)
01:31: a0020406.exe (ID = 195132)
01:31: a0017540.exe (ID = 119184)
01:31: a0017542.exe (ID = 119184)
01:31: Found Trojan Horse: trojan-backdoor-us15info
01:31: a0027635.dll (ID = 236585)
01:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:31: a0027766.dll (ID = 159)
01:32: a0017544.exe (ID = 119184)
01:32: a0017518.exe (ID = 185599)
01:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:33: a0027617.exe (ID = 195128)
01:33: a0017511.exe (ID = 236889)
01:33: a0022441.dll (ID = 163672)
01:34: a0017517.exe (ID = 119198)
01:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:34: a0027688.exe (ID = 65721)
01:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:36: icont.exe (ID = 65722)
01:36: a0020407.dll (ID = 159)
01:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:36: a0020408.dll (ID = 159)
01:36: a0027693.dll (ID = 159)
01:37: a0020405.exe (ID = 195130)
01:37: a0027689.dll (ID = 159)
01:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:38: 00056022.exe (ID = 119184)
01:39: a0020410.dll (ID = 163672)
01:39: a0017246.exe (ID = 119202)
01:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:39: a0017229.dll (ID = 119192)
01:39: a0027979.dll (ID = 159)
01:39: a0017704.dll (ID = 119192)
01:39: a0017700.dll (ID = 119199)
01:39: mvl6l93s1.dll (ID = 159)
01:39: a0027627.dll (ID = 163672)
01:39: a0027644.dll (ID = 159)
01:40: a0017514.exe (ID = 119194)
01:40: a0027576.dll (ID = 159)
01:40: a0027624.dll (ID = 163672)
01:40: a0017683.dll (ID = 119199)
01:40: a0027657.dll (ID = 159)
01:40: 00057432.dll (ID = 159)
01:40: 00056025.exe (ID = 119184)
01:40: a0027663.dll (ID = 159)
01:40: mmiole32.dll (ID = 159)
01:40: a0027738.dll (ID = 159)
01:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:40: a0027692.dll (ID = 163672)
01:40: a0017711.exe (ID = 119201)
01:40: a0020397.dll (ID = 163672)
01:40: a0027645.dll (ID = 159)
01:40: gp84l3lq1.dll (ID = 159)
01:41: a0025467.dll (ID = 159)
01:41: a0017515.exe (ID = 119194)
01:41: jtr4079qe.dll (ID = 159)
01:41: a0027772.dll (ID = 159)
01:41: a0017516.dll (ID = 119188)
01:41: 00057295.dll (ID = 159)
01:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:41: a0017712.exe (ID = 114992)
01:41: a0027647.dll (ID = 159)
01:41: guard.tmp (ID = 159)
01:41: t28ulcl91fq.dll (ID = 159)
01:41: a0017233.dll (ID = 119191)
01:41: 00056463.dll (ID = 159)
01:41: jpaw400.dll (ID = 159)
01:41: itstfunc.dll (ID = 159)
01:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:41: a0024450.dll (ID = 159)
01:41: a0027639.exe (ID = 236586)
01:41: Found Adware: spysheriff fakealert
01:41: a0027630.exe (ID = 235887)
01:41: 00057106.dll (ID = 159)
01:41: a0027628.exe (ID = 183857)
01:41: a0027633.exe (ID = 235887)
01:41: a0027640.dll (ID = 163672)
01:42: a0017706.dll (ID = 119186)
01:42: a0027557.dll (ID = 159)
01:42: Found Adware: dollarrevenue
01:42: a0027629.exe (ID = 233750)
01:42: a0027659.dll (ID = 159)
01:42: a0027648.dll (ID = 159)
01:42: tpnlib4.dll (ID = 159)
01:42: a0027638.exe (ID = 183857)
01:42: a0027637.exe (ID = 183857)
01:42: a0027700.dll (ID = 159)
01:42: a0027636.exe (ID = 183857)
01:42: a0017703.dll (ID = 119195)
01:42: a0017702.dll (ID = 119190)
01:42: Found Trojan Horse: trojan-downloader-toolbarpartner
01:42: a0027632.exe (ID = 232849)
01:42: a0017701.dll (ID = 119185)
01:42: a0027762.dll (ID = 159)
01:42: tsupdate2[1].ini (ID = 193498)
01:42: a0027695.dll (ID = 159)
01:42: a0027750.dll (ID = 159)
01:42: a0027646.dll (ID = 159)
01:42: tsuninst.exe (ID = 193501)
01:42: a0027631.exe (ID = 237560)
01:42: a0017523.exe (ID = 122245)
01:42: a0017699.dll (ID = 119191)
01:42: a0027777.dll (ID = 159)
01:42: appwrap[1].exe (ID = 65722)
01:42: a0027618.dll (ID = 195129)
01:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:43: a0027649.dll (ID = 159)
01:43: a0027694.dll (ID = 159)
01:43: a0027807.dll (ID = 159)
01:43: a0020398.dll (ID = 163672)
01:43: a0020409.exe (ID = 193995)
01:43: 00057089.dll (ID = 159)
01:43: a0027642.dll (ID = 159)
01:43: a0027821.dll (ID = 159)
01:43: a0027641.dll (ID = 159)
01:43: dnnu0159e.dll (ID = 159)
01:43: a0027619.exe (ID = 195131)
01:43: a0020399.dll (ID = 163672)
01:43: a0019152.exe (ID = 185599)
01:43: a0025475.dll (ID = 159)
01:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:44: a0017519.dll (ID = 119203)
01:44: a0027494.dll (ID = 159)
01:44: a0020400.dll (ID = 163672)
01:44: a0027658.dll (ID = 159)
01:44: a0027664.dll (ID = 159)
01:44: a0027665.dll (ID = 159)
01:44: a0020401.dll (ID = 159)
01:44: l8l60i3se8.dll (ID = 159)
01:44: a0017708.dll (ID = 119189)
01:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:44: dnr0019me.dll (ID = 159)
01:44: a0027666.dll (ID = 159)
01:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:44: a0017228.dll (ID = 119188)
01:44: a0027643.dll (ID = 159)
01:44: a0027650.dll (ID = 159)
01:45: 00057129.dll (ID = 159)
01:45: a0027691.dll (ID = 159)
01:45: a0020402.dll (ID = 159)
01:45: a0027653.dll (ID = 159)
01:45: a0017231.dll (ID = 119190)
01:45: mdjetoledb40.dll (ID = 159)
01:45: a0027651.dll (ID = 159)
01:45: a0027652.dll (ID = 159)
01:45: wphisn.dll (ID = 159)
01:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:45: a0027654.dll (ID = 159)
01:45: a0027587.dll (ID = 159)
01:45: a0017655.exe (ID = 236888)
01:45: a0017710.dll (ID = 119196)
01:45: a0017232.dll (ID = 119185)
01:45: a0027656.dll (ID = 159)
01:45: a0017227.dll (ID = 119186)
01:45: vocabulary (ID = 78283)
01:45: a0027667.dll (ID = 159)
01:45: a0027696.dll (ID = 159)
01:45: i8060idse8060.dll (ID = 159)
01:45: mniqtz32.dll (ID = 159)
01:45: a0027722.dll (ID = 159)
01:45: Found Adware: ist yoursitebar
01:45: a0027634.dll (ID = 161559)
01:45: 00056853.dll (ID = 159)
01:45: a0027699.dll (ID = 159)
01:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:45: a0027547.dll (ID = 159)
01:45: amicap.dll (ID = 159)
01:45: a0017673.exe (ID = 185599)
01:45: a0027661.dll (ID = 159)
01:45: 00056729.dll (ID = 159)
01:45: a0027690.sys (ID = 119187)
01:45: pcheck.dll (ID = 119204)
01:45: 00056979.dll (ID = 159)
01:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:45: Found Adware: ist surf accuracy
01:45: 00054616.exe (ID = 180136)
01:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:46: a0027485.dll (ID = 159)
01:46: pdrfproc.dll (ID = 159)
01:46: mqdimap.dll (ID = 159)
01:46: a0017230.dll (ID = 119195)
01:46: a0017226.exe (ID = 119202)
01:46: a0017469.exe (ID = 185599)
01:46: a0027614.dll (ID = 159)
01:46: a0020403.exe (ID = 168558)
01:46: a0024458.dll (ID = 159)
01:46: class-barrel (ID = 78229)
01:46: a0027655.dll (ID = 159)
01:46: gplsl3371.dll (ID = 159)
01:46: a0017215.exe (ID = 236887)
01:46: a0020404.dll (ID = 159)
01:46: a0027660.dll (ID = 159)
01:46: a0027754.dll (ID = 159)
01:47: a0027531.dll (ID = 159)
01:47: a0027662.dll (ID = 159)
01:47: a0017522.exe (ID = 122245)
01:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:47: a0027506.dll (ID = 159)
01:47: Found Adware: spysheriff
01:47: spysheriff.lnk (ID = 143527)
01:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:47: Found System Monitor: potentially rootkit-masked files
01:47: sysbus32.sys (ID = 0)
01:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:48: Warning: Unhandled Archive Type
01:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:49: Warning: Unhandled Archive Type
01:49: Warning: Unhandled Archive Type
01:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
01:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:02: 00056016.zip (ID = 119184)
02:02: 00056019.zip (ID = 119184)
02:03: Warning: Invalid Stream
02:03: Warning: Invalid Stream
02:03: File Sweep Complete, Elapsed Time: 00:34:25
02:03: Full Sweep has completed. Elapsed time 00:37:10
02:03: Traces Found: 318
02:05: Removal process initiated
02:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:05: Quarantining All Traces: ist istbar
02:05: Quarantining All Traces: look2me
02:06: look2me is in use. It will be removed on reboot.
02:06: t28ulcl91fq.dll is in use. It will be removed on reboot.
02:06: tpnlib4.dll is in use. It will be removed on reboot.
02:06: l8l60i3se8.dll is in use. It will be removed on reboot.
02:06: Quarantining All Traces: potentially rootkit-masked files
02:06: Quarantining All Traces: spysheriff fakealert
02:06: Quarantining All Traces: trojan-backdoor-us15info
02:06: Quarantining All Traces: trojan-downloader-toolbarpartner
02:06: Quarantining All Traces: coolwebsearch (cws)
02:06: Quarantining All Traces: dollarrevenue
02:06: Quarantining All Traces: findthewebsiteyouneed hijack
02:06: Quarantining All Traces: ist surf accuracy
02:06: Quarantining All Traces: ist yoursitebar
02:06: Quarantining All Traces: spysheriff
02:06: Quarantining All Traces: spywareno! components
02:06: Quarantining All Traces: targetsaver
02:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
02:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
02:07: Quarantining All Traces: topsearch
02:07: Quarantining All Traces: belnk cookie
02:07: Quarantining All Traces: hbmediapro cookie
02:07: Quarantining All Traces: maxserving cookie
02:07: Quarantining All Traces: mywebsearch cookie
02:07: Quarantining All Traces: partypoker cookie
02:07: Quarantining All Traces: passion cookie
02:07: Quarantining All Traces: realmedia cookie
02:07: Quarantining All Traces: reliablestats cookie
02:07: Quarantining All Traces: seeq cookie
02:07: Quarantining All Traces: winantispyware 2005
02:08: Quarantining All Traces: winantiviruspro cookie
02:08: Quarantining All Traces: yadro cookie
02:08: Quarantining All Traces: zedo cookie
02:09: Removal process completed. Elapsed time 00:03:49
********
01:20: | Start of Session, 28. januar 2006 |
01:20: Spy Sweeper started
01:22: Your spyware definitions have been updated.
01:26: | End of Session, 28. januar 2006 |




Logfile of HijackThis v1.99.1
Scan saved at 02:20:42, on 28.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\system32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\windows\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Windows NT\Tilbehør\WORDPAD.EXE
C:\Programfiler\Brother\Brmfcmon\brmfcwnd.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Nls - C:\windows\system32\t28ulcl91fq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 28 January 2006 - 10:06 AM

Fix this in HIJack

O20 - Winlogon Notify: Nls - C:\windows\system32\t28ulcl91fq.dll (file missing)

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
================
Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)

Download them (they are free), install them, check each for their definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
============

How are things???????????
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 doopi

doopi
  • Topic Starter

  • Members
  • 10 posts
  • Location:Norway

Posted 30 January 2006 - 06:58 AM

Things with me are fine, but the PC still has some pop-ups that I can't get rid of.



Logfile of HijackThis v1.99.1
Scan saved at 12:56:58, on 30.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\system32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\sistray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programfiler\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programfiler\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programfiler\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
......There goes more to marriage than four bare legs in a bed......
....Be wiser than other people if you can, but do not tell them so.....

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 30 January 2006 - 10:21 AM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt,
==============
http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



