Undetectable virus - Non-Stop Pop-Ups

Posted 11/2/2005 3:43 AM
#22345
J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Somebody please help???? IE is constantly opening up whenever I’m logged into the internet. It goes to websites that automatically download more viruses, media players, toolbars etc. The funny thing is that it does not appear in the task bar. It has been going on for like 1 week now and my computer has been slowing down dramatically. I run Spybot S&D + Tea Time, Ad-Aware, and Norton Anti Virus….I must have done about 10 full system scans in the last week…..I delete all items, but the pop-ups keep coming! I’ve done like 4 system restores but the virus follows me through to the old restore point. Does somebody know what this virus is called? How come it is undetectable? How did I get it? Below is my HijackThis log, can somebody help me???

Logfile of HijackThis v1.99.1
Scan saved at 10:40:30 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\sp2update00.exe
C:\WINDOWS\system32\yloy\sdat.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\J.P. DeLuca\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [sdat] C:\WINDOWS\system32\yloy\sdat.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122692227411
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62EEC3F-D535-11D1-A663-006008AC53FC} (EngageTreeView Class) - http://cartman.engagenet.com/aem/Controls/EngageTree.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/be!!!eled2/popcaploader_v6.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.nypa.gov/secure/cds/CGC/en/CSGProxy.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\k862lijo18oc.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Posted 11/2/2005 12:39 PM
#22374
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hey and welcome :smile:

Download this scanner - cureit.
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

From the l2mfix folder on your desktop Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 11/3/2005 5:21 AM
#22431
J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Touch you’re the man! Thanks for helping me out. So I ran the scanner cureit in safe mode and now 4 hours later, I’m 183 files lighter. 5 were incurable???? I don’t understand why my Norton Anti Virus 2005, which is fully up to date, didn’t catch any of those b*stard files? Should I get something else when my subscription is up? What about the Spy Bot – Tea Timer which is supposed to prevent anything new from installing itself? Is there a way of adding these 183 found files to a black list to prevent them from getting me again?

Anyway I rebooted in normal mode and there are still pop ups…..a lot less. When I go to the Yahoo home page, I get re-routed to some Russian website called (newshot.ru). My Spy Bot Tea Timer went nuts after the reboot and I said accept to all but it kept flashing because of my blacklist which kept blocking stuff; eventually I shut it off.

So now I ran the l2mfix log and here it is:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g8lmli3118.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)     ALLOW  Full access   NT AUTHORITY\SYSTEM
(IO)     ALLOW  Full access   NT AUTHORITY\SYSTEM
(ID-NI)  ALLOW  Read          BUILTIN\Users
(ID-IO)  ALLOW  Read          BUILTIN\Users
(ID-NI)  ALLOW  Full access   BUILTIN\Administrators
(ID-IO)  ALLOW  Full access   BUILTIN\Administrators
(ID-NI)  ALLOW  Full access   NT AUTHORITY\SYSTEM
(ID-IO)  ALLOW  Full access   NT AUTHORITY\SYSTEM
(ID-IO)  ALLOW  Full access   CREATOR OWNER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{18325B46-CD38-6FC3-521C-FBC1E88795CD}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
<br/>[3]"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"<o:p></o:p>[/3] <br/> <br/>[3]"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"<o:p></o:p>[/3] <br/> <br/>[3]"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"<o:p></o:p>[/3] <br/> <br/>[3]"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"<o:p></o:p>[/3] <br/> <br/>[3]"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"<o:p></o:p>[/3] <br/> <br/>[3]"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"<o:p></o:p>[/3] <br/> <br/>[3]"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"<o:p></o:p>[/3] <br/> <br/>[3]"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"<o:p></o:p>[/3] <br/> <br/>[3]"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"<o:p></o:p>[/3] <br/> <br/>[3]"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"<o:p></o:p>[/3] <br/> <br/>[3]"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"<o:p></o:p>[/3] <br/> <br/>[3]"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"<o:p></o:p>[/3] <br/> <br/>[3]"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"<o:p></o:p>[/3] <br/> <br/>[3]"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"<o:p></o:p>[/3] <br/> <br/>[3]"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"<o:p></o:p>[/3] <br/> <br/>[3]"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"<o:p></o:p>[/3] <br/> <br/>[3]"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"<o:p></o:p>[/3] <br/> <br/>[3]"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"<o:p></o:p>[/3] <br/> <br/>[3]"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context 
Menu Verbs"<o:p></o:p>[/3] <br/> <br/>[3]"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"<o:p></o:p>[/3] <br/> <br/>[3]"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"<o:p></o:p>[/3] <br/> <br/>[3]"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"<o:p></o:p>[/3] <br/> <br/>[3]"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"<o:p></o:p>[/3] <br/> <br/>[3]"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"<o:p></o:p>[/3] <br/> <br/>[3]"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"<o:p></o:p>[/3] <br/> <br/>[3]"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"<o:p></o:p>[/3] <br/> <br/>[3]"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"<o:p></o:p>[/3] <br/> <br/>[3]"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"<o:p></o:p>[/3] <br/> <br/>[3]"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."<o:p></o:p>[/3] <br/> <br/>[3]"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"<o:p></o:p>[/3] <br/> <br/>[3]"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"<o:p></o:p>[/3] <br/> <br/>[3]"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"<o:p></o:p>[/3] <br/> 
<br/>[3]"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"<o:p></o:p>[/3] <br/> <br/>[3]"{c7745760-8ead-11ce-b750-02608ca5202c}"="IomegaWare Shell Extension"<o:p></o:p>[/3] <br/> <br/>[3]"{c7745761-8ead-11ce-b750-02608ca5202c}"="IomegaWare Shell Extension"<o:p></o:p>[/3] <br/> <br/>[3]"{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Share-to-Web Upload Folder"<o:p></o:p>[/3] <br/> <br/>[3]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/>[3]"{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"<o:p></o:p>[/3] <br/> <br/>[3]"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"<o:p></o:p>[/3] <br/> <br/>[3]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"<o:p></o:p>[/3] <br/> <br/>[3]"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"<o:p></o:p>[/3] <br/> <br/>[3]"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"<o:p></o:p>[/3] <br/> <br/>[3]"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"<o:p></o:p>[/3] <br/> <br/>[3]"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"<o:p></o:p>[/3] <br/> <br/>[3]"{88A9ADAF-FC96-45BE-A6C1-0AA57C361CE3}"=""<o:p></o:p>[/3] <br/> <br/>[3]"{FB112208-A094-4CDB-B6B4-49FA816C8ACF}"=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]**********************************************************************************<o:p></o:p>[/3] <br/> <br/>[3]HKEY ROOT CLASSIDS:<o:p></o:p>[/3] <br/> <br/>[3]Windows Registry Editor Version 5.00<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{88A9ADAF-FC96-45BE-A6C1-0AA57C361CE3}]<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{88A9ADAF-FC96-45BE-A6C1-0AA57C361CE3}\Implemented Categories]<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> 
<br/>[3][HKEY_CLASSES_ROOT\CLSID\{88A9ADAF-FC96-45BE-A6C1-0AA57C361CE3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{88A9ADAF-FC96-45BE-A6C1-0AA57C361CE3}\InprocServer32]<o:p></o:p>[/3] <br/> <br/>[3]@="C:\\WINDOWS\\system32\\mgjetoledb40.dll"<o:p></o:p>[/3] <br/> <br/>[3]"ThreadingModel"="Apartment"<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]Windows Registry Editor Version 5.00<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{FB112208-A094-4CDB-B6B4-49FA816C8ACF}]<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{FB112208-A094-4CDB-B6B4-49FA816C8ACF}\Implemented Categories]<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{FB112208-A094-4CDB-B6B4-49FA816C8ACF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]<o:p></o:p>[/3] <br/> <br/>[3]@=""<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3][HKEY_CLASSES_ROOT\CLSID\{FB112208-A094-4CDB-B6B4-49FA816C8ACF}\InprocServer32]<o:p></o:p>[/3] <br/> <br/>[3]@="C:\\WINDOWS\\system32\\SamRedir.dll"<o:p></o:p>[/3] <br/> <br/>[3]"ThreadingModel"="Apartment"<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]**********************************************************************************<o:p></o:p>[/3] <br/> <br/>[3]Files Found are not all bad files:<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]C:\WINDOWS\SYSTEM32\<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> adwerkz.dll<SPAN style="mso-spacerun: yes"> Fri Oct 21 2005<SPAN style="mso-spacerun: yes"> 3:05:50p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 184,320<SPAN style="mso-spacerun: yes"> 180.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> 
browseui.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 1,019,904<SPAN style="mso-spacerun: yes"> 996.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> cdfview.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 151,040<SPAN style="mso-spacerun: yes"> 147.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> cdosys.dll<SPAN style="mso-spacerun: yes"> <SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 9 2005<SPAN style="mso-spacerun: yes"> 8:53:42p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 2,067,968<SPAN style="mso-spacerun: yes"> 1.97 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> danim.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 1,053,696<SPAN style="mso-spacerun: yes"> 1.00 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> dxtrans.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 205,312<SPAN style="mso-spacerun: yes"> 200.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> extmgr.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> .....<SPAN style="mso-spacerun: yes"> 55,808<SPAN style="mso-spacerun: yes"> 54.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> g840li~1.dll<SPAN style="mso-spacerun: yes"> Thu Nov<SPAN style="mso-spacerun: yes"> 3 
2005<SPAN style="mso-spacerun: yes"> 12:02:10a<SPAN style="mso-spacerun: yes"> ..S.R<SPAN style="mso-spacerun: yes"> 237,098<SPAN style="mso-spacerun: yes"> 231.54 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> g8lmli~1.dll<SPAN style="mso-spacerun: yes"> Wed Nov<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 8:57:24p<SPAN style="mso-spacerun: yes"> ..S.R<SPAN style="mso-spacerun: yes"> 236,349<SPAN style="mso-spacerun: yes"> 230.81 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> iepeers.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 251,392<SPAN style="mso-spacerun: yes"> 245.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> inseng.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:04p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 96,256<SPAN style="mso-spacerun: yes"> 94.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> jdoae.dll<SPAN style="mso-spacerun: yes"> Thu Nov<SPAN style="mso-spacerun: yes"> 3 2005<SPAN style="mso-spacerun: yes"> 12:03:52a<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 10,240<SPAN style="mso-spacerun: yes"> 10.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> linkinfo.dll<SPAN style="mso-spacerun: yes"> Wed Aug 31 2005<SPAN style="mso-spacerun: yes"> 8:41:54p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 19,968<SPAN style="mso-spacerun: yes"> 19.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> linkin~1.dll<SPAN style="mso-spacerun: yes"> Wed Aug 31 2005<SPAN style="mso-spacerun: yes"> 8:49:30p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 16,384<SPAN style="mso-spacerun: yes"> 16.00 K<o:p></o:p>[/3] <br/> 
<br/>[3]<SPAN style="mso-spacerun: yes"> linkin~2.dll<SPAN style="mso-spacerun: yes"> Wed Aug 31 2005<SPAN style="mso-spacerun: yes"> 8:49:30p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 16,384<SPAN style="mso-spacerun: yes"> 16.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> mshtml.dll<SPAN style="mso-spacerun: yes"> Tue Oct<SPAN style="mso-spacerun: yes"> 4 2005<SPAN style="mso-spacerun: yes"> 4:26:00p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 3,015,168<SPAN style="mso-spacerun: yes"> 2.88 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> mshtmled.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 448,512<SPAN style="mso-spacerun: yes"> 438.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> msrating.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 146,432<SPAN style="mso-spacerun: yes"> 143.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> mstime.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 530,432<SPAN style="mso-spacerun: yes"> 518.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> msxml3a.dll<SPAN style="mso-spacerun: yes"> Tue Nov<SPAN style="mso-spacerun: yes"> 1 2005<SPAN style="mso-spacerun: yes"> 8:53:40p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 24,576<SPAN style="mso-spacerun: yes"> 24.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> netman.dll<SPAN style="mso-spacerun: yes"> Mon Aug 22 2005<SPAN style="mso-spacerun: yes"> 1:29:46p<SPAN 
style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 197,632<SPAN style="mso-spacerun: yes"> 193.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> netman~2.dll<SPAN style="mso-spacerun: yes"> Mon Aug 22 2005<SPAN style="mso-spacerun: yes"> 1:36:34p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 154,624<SPAN style="mso-spacerun: yes"> 151.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> netman~3.dll<SPAN style="mso-spacerun: yes"> Mon Aug 22 2005<SPAN style="mso-spacerun: yes"> 1:36:34p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 154,624<SPAN style="mso-spacerun: yes"> 151.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> nsl33.dll<SPAN style="mso-spacerun: yes"> Sat Oct 22 2005<SPAN style="mso-spacerun: yes"> 7:03:56a<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 146,944<SPAN style="mso-spacerun: yes"> 143.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> nsw4a.dll<SPAN style="mso-spacerun: yes"> Fri Oct 21 2005<SPAN style="mso-spacerun: yes"> 9:03:56p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 146,944<SPAN style="mso-spacerun: yes"> 143.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> pipnetsh.dll<SPAN style="mso-spacerun: yes"> Wed Nov<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 8:59:10p<SPAN style="mso-spacerun: yes"> ..S.R<SPAN style="mso-spacerun: yes"> 237,098<SPAN style="mso-spacerun: yes"> 231.54 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> pngfilt.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 39,424<SPAN style="mso-spacerun: yes"> 38.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> qlink32.dll<SPAN style="mso-spacerun: yes"> Mon Sep 19 2005<SPAN 
style="mso-spacerun: yes"> 3:24:20p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 200,704<SPAN style="mso-spacerun: yes"> 196.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> quartz.dll<SPAN style="mso-spacerun: yes"> Mon Aug 29 2005<SPAN style="mso-spacerun: yes"> 10:54:26p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 1,287,168<SPAN style="mso-spacerun: yes"> 1.23 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> quartz~1.dll<SPAN style="mso-spacerun: yes"> Tue Aug 30 2005<SPAN style="mso-spacerun: yes"> 8:14:00a<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 1,227,776<SPAN style="mso-spacerun: yes"> 1.17 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> rastmon.dll<SPAN style="mso-spacerun: yes"> Tue Nov<SPAN style="mso-spacerun: yes"> 1 2005<SPAN style="mso-spacerun: yes"> 8:53:42p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 417,792<SPAN style="mso-spacerun: yes"> 408.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> samredir.dll<SPAN style="mso-spacerun: yes"> Thu Nov<SPAN style="mso-spacerun: yes"> 3 2005<SPAN style="mso-spacerun: yes"> 12:03:38a<SPAN style="mso-spacerun: yes"> .....<SPAN style="mso-spacerun: yes"> 236,349<SPAN style="mso-spacerun: yes"> 230.81 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> sdksfsg.dll<SPAN style="mso-spacerun: yes"> Thu Nov<SPAN style="mso-spacerun: yes"> 3 2005<SPAN style="mso-spacerun: yes"> 12:03:52a<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> <SPAN style="mso-spacerun: yes"> 46,080<SPAN style="mso-spacerun: yes"> 45.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shdocvw.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 1,483,776<SPAN style="mso-spacerun: yes"> 
1.41 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shell32.dll<SPAN style="mso-spacerun: yes"> Thu Sep 22 2005<SPAN style="mso-spacerun: yes"> 10:05:30p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 8,450,560<SPAN style="mso-spacerun: yes"> 8.06 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shell3~2.dll<SPAN style="mso-spacerun: yes"> Thu Sep 22 2005<SPAN style="mso-spacerun: yes"> 10:27:32p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 8,348,672<SPAN style="mso-spacerun: yes"> 7.96 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shell3~3.dll<SPAN style="mso-spacerun: yes"> Thu Sep 22 2005<SPAN style="mso-spacerun: yes"> 10:27:32p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 8,348,672<SPAN style="mso-spacerun: yes"> 7.96 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shell3~4.dll<SPAN style="mso-spacerun: yes"> Thu Sep 22 2005<SPAN style="mso-spacerun: yes"> 10:27:32p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 8,348,672<SPAN style="mso-spacerun: yes"> 7.96 M<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shlwapi.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 473,600<SPAN style="mso-spacerun: yes"> 462.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shlwap~2.dll<SPAN style="mso-spacerun: yes"> Wed Aug 31 2005<SPAN style="mso-spacerun: yes"> 8:49:30p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 409,088<SPAN style="mso-spacerun: yes"> 399.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> shlwap~3.dll<SPAN style="mso-spacerun: yes"> Wed Aug 31 2005<SPAN style="mso-spacerun: yes"> 8:49:30p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 409,088<SPAN 
style="mso-spacerun: yes"> 399.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> umpnpmgr.dll<SPAN style="mso-spacerun: yes"> Mon Aug 22 2005<SPAN style="mso-spacerun: yes"> 10:35:42p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 123,392<SPAN style="mso-spacerun: yes"> 120.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> umpnpm~2.dll<SPAN style="mso-spacerun: yes"> Mon Aug 22 2005<SPAN style="mso-spacerun: yes"> 10:51:10p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 111,104<SPAN style="mso-spacerun: yes"> 108.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> umpnpm~3.dll<SPAN style="mso-spacerun: yes"> Mon Aug 22 2005<SPAN style="mso-spacerun: yes"> 10:51:10p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 111,104<SPAN style="mso-spacerun: yes"> 108.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> urlmon.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 608,768<SPAN style="mso-spacerun: yes"> 594.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> urlmon~2.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 2:19:16p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 457,216<SPAN style="mso-spacerun: yes"> 446.50 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> wininet.dll<SPAN style="mso-spacerun: yes"> Fri Sep<SPAN style="mso-spacerun: yes"> 2 2005<SPAN style="mso-spacerun: yes"> 6:52:06p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 658,432<SPAN style="mso-spacerun: yes"> 643.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> winsrv.dll<SPAN style="mso-spacerun: yes"> Wed Aug 31 2005<SPAN style="mso-spacerun: yes"> 8:41:54p<SPAN 
style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 291,840<SPAN style="mso-spacerun: yes"> 285.00 K<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> wivowfax.dll<SPAN style="mso-spacerun: yes"> Thu Oct 27 2005<SPAN style="mso-spacerun: yes"> 10:12:48p<SPAN style="mso-spacerun: yes"> A....<SPAN style="mso-spacerun: yes"> 45,056<SPAN style="mso-spacerun: yes"> 44.00 K<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]49 items found:<SPAN style="mso-spacerun: yes"> 49 files (3 H/S), 0 directories.<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> Total of file sizes:<SPAN style="mso-spacerun: yes"> 52,959,438 bytes<SPAN style="mso-spacerun: yes"> 50.50 M<o:p></o:p>[/3] <br/> <br/>[3]Locate .tmp files:<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]C:\WINDOWS\SYSTEM32\<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> guard.tmp<SPAN style="mso-spacerun: yes"> Thu Nov<SPAN style="mso-spacerun: yes"> 3 2005<SPAN style="mso-spacerun: yes"> 12:04:38a<SPAN style="mso-spacerun: yes"> ..S.R<SPAN style="mso-spacerun: yes"> 236,349<SPAN style="mso-spacerun: yes"> 230.81 K<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]1 item found:<SPAN style="mso-spacerun: yes"> 1 file (1 H/S), 0 directories.<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> Total of file sizes:<SPAN style="mso-spacerun: yes"> 236,349 bytes<SPAN style="mso-spacerun: yes"> 230.81 K<o:p></o:p>[/3] <br/> <br/>[3]**********************************************************************************<o:p></o:p>[/3] <br/> <br/>[3]Directory Listing of system files:<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> Volume in drive C has no label.<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> Volume Serial Number is 4A87-3376<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> Directory of C:\WINDOWS\System32<o:p></o:p>[/3] <br/> <br/><o:p>[3] [/3]</o:p> 
<br/> <br/>[3]11/03/2005<SPAN style="mso-spacerun: yes"> 12:04 AM<SPAN style="mso-spacerun: yes"> 236,349 guard.tmp<o:p></o:p>[/3] <br/> <br/>[3]11/03/2005<SPAN style="mso-spacerun: yes"> 12:02 AM<SPAN style="mso-spacerun: yes"> 237,098 g840lihm184a.dll<o:p></o:p>[/3] <br/> <br/>[3]11/02/2005<SPAN style="mso-spacerun: yes"> 08:59 PM<SPAN style="mso-spacerun: yes"> 237,098 pIpnetsh.dll<o:p></o:p>[/3] <br/> <br/>[3]11/02/2005<SPAN style="mso-spacerun: yes"> 08:57 PM<SPAN style="mso-spacerun: yes"> 236,349 g8lmli3118.dll<o:p></o:p>[/3] <br/> <br/>[3]10/25/2005<SPAN style="mso-spacerun: yes"> 06:35 AM<SPAN style="mso-spacerun: yes"> <DIR><SPAN style="mso-spacerun: yes"> dllcache<o:p></o:p>[/3] <br/> <br/>[3]11/12/2003<SPAN style="mso-spacerun: yes"> 07:14 PM<SPAN style="mso-spacerun: yes"> <DIR><SPAN style="mso-spacerun: yes"> Microsoft<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> 4 File(s)<SPAN style="mso-spacerun: yes"> 946,894 bytes<o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-spacerun: yes"> 2 Dir(s)<SPAN style="mso-spacerun: yes"> 13,871,771,648 bytes free[/3]
Posted 11/3/2005 5:33 AM
#22434

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
I'll comment on your questions when we have fixed your log, OK? ;-)

Let's disable Teatimer as it may hinder the removal of the infection. You can enable it after you're clean.

To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm

Download CWShredder: http://www.trendmicro.com/cwshredder/
Update it!!

From the l2mfix folder on your desktop, double click l2mfix.bat
Now select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

If nothing happens after reboot, open the l2mfix folder, double-click on Second Bat. Then the fix should continue.

Reboot, run cwshredder and L2m option #2 again. I don't need a log from this scan.

Reboot

Copy the contents of the first l2m log and paste it back into this thread, along with a new hijackthis log.

Do not PM me with logfiles. They will be deleted.


Posted 11/4/2005 4:45 AM
#22502
J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
OK

Tea Timer is disabled.

The CW Shredder update gave me no confirmation and when I ran the “fix” it was quick and removed 2 files.

After reboot I started getting this Run DLL Error, “An Exception occurred trying to run “c:\windows…….\mzvidctldll,” DLL Get Version”

Here is the L2Mfix log:

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea!!!!@beyondlogic.org
Killing PID 1256 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Pea!!!!@beyondlogic.org
Killing PID 1268 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\m064lajq1doe.dll
  1 file(s) copied.
Backing Up: C:\WINDOWS\system32\pIpnetsh.dll
  1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
  1 file(s) copied.
deleting: C:\WINDOWS\system32\m064lajq1doe.dll
Successfully Deleted: C:\WINDOWS\system32\m064lajq1doe.dll
deleting: C:\WINDOWS\system32\pIpnetsh.dll
Successfully Deleted: C:\WINDOWS\system32\pIpnetsh.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Zipping up files for submission:
  adding: m064lajq1doe.dll (104 bytes security) (deflated 5%)
  adding: pIpnetsh.dll (104 bytes security) (deflated 5%)
  adding: guard.tmp (104 bytes security) (deflated 5%)
  adding: clear.reg (104 bytes security) (deflated 22%)
  adding: asdf.txt (104 bytes security) (deflated 68%)
  adding: COMLOG.txt (104 bytes security) (stored 0%)
  adding: lo2.txt (104 bytes security) (deflated 66%)
  adding: test.txt (104 bytes security) (deflated 46%)
  adding: test2.txt (104 bytes security) (stored 0%)
  adding: test3.txt (104 bytes security) (stored 0%)
  adding: test5.txt (104 bytes security) (stored 0%)
  adding: xfind.txt (104 bytes security) (deflated 39%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)     ALLOW  Full access   NT AUTHORITY\SYSTEM
(IO)     ALLOW  Full access   NT AUTHORITY\SYSTEM
(ID-NI)  ALLOW  Read          BUILTIN\Users
(ID-IO)  ALLOW  Read          BUILTIN\Users
(ID-NI)  ALLOW  Full access   BUILTIN\Administrators
(ID-IO)  ALLOW  Full access   BUILTIN\Administrators
(ID-NI)  ALLOW  Full access   NT AUTHORITY\SYSTEM
(ID-IO)  ALLOW  Full access   NT AUTHORITY\SYSTEM
(ID-IO)  ALLOW  Full access   CREATOR OWNER

Restoring Sedebugprivilege:

  Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: m064lajq1doe.dll
deleting local copy: pIpnetsh.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\m064lajq1doe.dll
C:\WINDOWS\system32\pIpnetsh.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{FB112208-A094-4CDB-B6B4-49FA816C8ACF}"=-
[-HKEY_CLASSES_ROOT\CLSID\{FB112208-A094-4CDB-B6B4-49FA816C8ACF}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:26 PM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\J.P. DeLuca\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [sdat] C:\WINDOWS\system32\yloy\sdat.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lk4pss.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ndpa.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122692227411
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62EEC3F-D535-11D1-A663-006008AC53FC} (EngageTreeView Class) - http://cartman.engagenet.com/aem/Controls/EngageTree.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/be!!!eled2/popcaploader_v6.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.nypa.gov/secure/cds/CGC/en/CSGProxy.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
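
Added example, not part of the original posts and not L2Mfix's own code: the Winlogon Notify export in the log above stores several DllName values as hex(2) data, which hides the DLL name from a quick read. This sketch decodes such an export and lists each Notify subkey with its DLL; the baseline set is an assumption built from the DLL names in the post-cleanup export in this thread, and the ExampleEntry subkey in the sample is constructed.

```python
import re

# Assumed baseline: DLL names seen in the post-cleanup export in this thread.
# It is not an authoritative list of legitimate Windows XP notify packages.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}

NOTIFY_PREFIX = "\\winlogon\\notify\\"


def _join_continuations(text):
    """Merge hex value lines that regedit wraps with a trailing backslash."""
    merged, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):
            pending = line[:-1]          # drop the backslash, keep the comma
            continue
        merged.append(line)
    if pending:
        merged.append(pending)
    return merged


def _decode_value(raw):
    """Decode the value types that appear in a 'Version 5.00' export."""
    if raw.startswith("hex(2):"):        # REG_EXPAND_SZ stored as UTF-16LE
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw


def parse_notify_export(text):
    """Return {subkey: {lowercased value name: decoded value}}."""
    entries, current = {}, None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            idx = key.lower().find(NOTIFY_PREFIX)
            if idx != -1 and not key.startswith("-"):
                current = entries.setdefault(key[idx + len(NOTIFY_PREFIX):], {})
            continue
        match = re.match(r'"([^"]+)"=(.*)$', line)
        if match and current is not None:
            # The export mixes "DllName" and "DLLName", so compare lowercased.
            current[match.group(1).lower()] = _decode_value(match.group(2))
    return entries


def review_notify(text, baseline=BASELINE_DLLS):
    """List (subkey, dll, status) so unknown notify DLLs stand out."""
    findings = []
    for name, values in sorted(parse_notify_export(text).items()):
        dll = values.get("dllname")
        if not isinstance(dll, str):
            findings.append((name, None, "REVIEW: no DllName value"))
            continue
        base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        status = "in baseline" if base in baseline else "REVIEW: not in baseline"
        findings.append((name, dll, status))
    return findings


# Constructed sample: two entries copied from the export in this thread plus
# one constructed subkey (ExampleEntry -> example.dll) to show a flagged row.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleEntry]
"Asynchronous"=dword:00000001
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
  6c,00,00,00
'''

if __name__ == "__main__":
    for subkey, dll, status in review_notify(SAMPLE_EXPORT):
        print(f"{subkey:15} {dll!s:15} {status}")
```

A row marked REVIEW only means the DLL is absent from the assumed baseline; it still has to be checked by hand before anything is deleted.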
Posted 11/4/2005 4:50 PM
#22529
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Trusted Zone removal:
Right click http://mvps.org/winhelp2002/DelDomains.inf and select Save As to download WinHelp2002's DelDomains.inf.
Please save the file somewhere you can find it like on the desktop.
To run the inf file, right click on it and select Install.

Please go offline

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O4 - HKLM\..\Run: [sdat] C:\WINDOWS\system32\yloy\sdat.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lk4pss.exe reg_run
O4 - Global Startup: ndpa.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe

Reboot into Safe Mode by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message.
To resolve this, restart the computer and try again.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if any of the items are not found as they may have been automatically removed by actions I had you take earlier in the cleaning process.

Open Folder Options in Control Panel > View and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files

Delete:

Files:
C:\WINDOWS\system32\lk4pss.exe

Folders:
C:\WINDOWS\system32\yloy\sdat.exe

Next go to Start - Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

And delete:
ndpa.exe

Reboot, post new log and tell how things are running

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/5/2005 3:42 AM
#22547

J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Touch,

I deleted most of what you said but could not find the following:

O4 - Global Startup: ndpa.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

While in safe mode…..

The file C:windows\system32\lk4pss.exe could not be deleted because it was write protected or being used.

Could not find ndpa.exe

The popups are far less frequent like 1 every 10 minutes, also I’m not at 100% speed….

Here is the latest Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:55 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\J.P. DeLuca\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lk4pss.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122692227411
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62EEC3F-D535-11D1-A663-006008AC53FC} (EngageTreeView Class) - http://cartman.engagenet.com/aem/Controls/EngageTree.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/be!!!eled2/popcaploader_v6.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.nypa.gov/secure/cds/CGC/en/CSGProxy.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

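
An added example, not part of the original posts and not a HijackThis feature: a Python check that parses a HijackThis log and reports which of the files the helper asked to delete still have an autostart entry, and whether they show up under running processes. The function names and the choice of O4 and O23 as the autostart sections are assumptions of this example; the sample lines are a subset copied from the follow-up log above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# Subset of lines copied from the follow-up log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lk4pss.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# File names the helper asked to delete earlier in the thread.
REMOVAL_TARGETS = ["lk4pss.exe", "sdat.exe", "ndpa.exe"]

# Sections treated as autostart locations here (an assumption of this example):
# O4 = Run keys and Startup folders, O23 = services.
AUTOSTART_CODES = {"O4", "O23"}

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Last path component ending in .exe or .dll, with or without a directory.
FILE_RE = re.compile(r'([^\\/:"\s\[\]]+\.(?:exe|dll))(?!\w)', re.IGNORECASE)


def parse_entries(log_text):
    """Return the coded entries (R1, O4, O23, ...) of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def running_processes(log_text):
    """Return the paths listed under 'Running processes:'."""
    processes, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if ENTRY_RE.match(line) or (not line and processes):
                break  # first coded entry or blank line ends the section
            if line:
                processes.append(line)
    return processes


def basenames(text):
    """Lower-cased .exe/.dll file names mentioned in a line."""
    return [name.lower() for name in FILE_RE.findall(text)]


def remaining_autostarts(log_text, targets):
    """Map each target still referenced by an autostart entry to those entries."""
    wanted = {t.lower() for t in targets}
    hits = {}
    for entry in parse_entries(log_text):
        if entry.code not in AUTOSTART_CODES:
            continue
        for name in basenames(entry.detail):
            if name in wanted:
                hits.setdefault(name, []).append(entry)
    return hits


def is_running(log_text, target):
    """True if the target's file name appears in the process list."""
    target = target.lower()
    return any(target in basenames(path) for path in running_processes(log_text))


if __name__ == "__main__":
    hits = remaining_autostarts(SAMPLE_LOG, REMOVAL_TARGETS)
    for target in REMOVAL_TARGETS:
        for entry in hits.get(target, []):
            print(f"{target}: still autostarts via {entry.code} - {entry.detail}")
        print(f"{target}: running={is_running(SAMPLE_LOG, target)}")
```
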
Posted 11/5/2005 8:42 AM
#22565

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Download the trial version of Ewido Security Suite from here and save it to your Desktop.
When the download has finished, locate ewido-setup.exe and double click it to begin installation.
**If you already have Ewido installed, update it and go to 2)**

In the 'Additional Options' window, uncheck both:
'Install required for automatic updates (background guard)' and
'Install scan via context menu'.

When installation is complete, you will need to update Ewido to the latest definition files.
To do this:
Double click the Ewido Desktop icon.
In the main screen, on the left hand side, click Update.
In the following screen, click Start Update

A progress bar will show how the update is going. When it has finished updating, close it.

2) Download Trackqoo.zip from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish.

You should now see the contents of the Trackqoo folder - Track qoo 1.vbs
Close it - you will need it later.

3) Download WinPFind.zip from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

You should now see a window with the WinPFind folder in it.
Close it - you will need it later.

1) Boot into Safe Mode.

2) Run Ewido.
Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK.
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

3) Go to Start > Run, enter %temp% and click on OK
Delete all the files that you find there.

4) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

5) Open the Trackqoo folder and double click Track qoo 1.vbs to run it, and OK it with any real-time protection you have running.
It will produce a text file called Report.txt that will be saved into the Trackqoo folder.
Please post this file.

6) Open the WinPFind folder and double click winpfind.exe.
Click on 'Start Scan'.
When the scan has completed, copy and paste the results into your next reply.

7) Boot into Normal Mode.

Post a new HJT log (run in Normal Mode), the Ewido log, the results of both the above scans and tell how your computer is behaving

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/7/2005 3:46 AM
#22659

J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Touch,
It appears the popups are gone, as I had not had one and I’ve been surfing safe websites for about an hour now!

Here is the Ewido report:
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on: 7:32:09 PM, 11/6/2005
 + Report-Checksum: 681E6B82

 + Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-733184280-2994884863-530001187-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-733184280-2994884863-530001187-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-733184280-2994884863-530001187-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-733184280-2994884863-530001187-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-733184280-2994884863-530001187-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
C:\backup.zip/m064lajq1doe.dll -> Spyware.Look2Me : Cleaned with backup
C:\backup.zip/pIpnetsh.dll -> Spyware.Look2Me : Cleaned with backup
C:\backup.zip/guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\contextplus.exe -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndpa.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Cookies\j.p. deluca@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Cookies\j.p. deluca@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\Temporary Internet Files\Content.IE5\WVO3MDM1\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temp\uninstall.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\A1N898R2\WFI[1].cab/UWFX5LP_0001_0802NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\HW95NX93\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\HW95NX93\prompt[2].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\JACRVD41\ysb_website[1].cab/YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\NVHF7TWW\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\contextplus[1].exe -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\PLZCXE87\popcaploader_v6[1].cab/PopCapLoader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\Q55MJY98\ysb_prompt[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\SBXBAMFH\search[1].htm -> TrojanDownloader.IstBar.u : Cleaned with backup
C:\Documents and Settings\J.P. DeLuca\Local Settings\Temporary Internet Files\Content.IE5\YTDIFMTG\0006_cracks[1].cab/ISTactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Visitor\Cookies\visitor@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Visitor\Cookies\visitor@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Visitor\Cookies\visitor@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Download\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq107(2).tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11D.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11E.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11F.tmp -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq200.tmp -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq201.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq202.tmp -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq203.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq204.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq206.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq217.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq220.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq221.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26B.tmp -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26E.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26F.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq270.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq624.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program 
Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75E.tmp -> Spyware.Cookie.Advertising : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75F.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq760.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq762.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq763.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq764.tmp -> Spyware.Cookie.Spylog : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> Spyware.Cookie.Centrport : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> Spyware.Cookie.Advertising : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> Spyware.Cookie.Onestat : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97(2).tmp -> Spyware.Cookie.Hitslink : Cleaned with backup <br/> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98(2).tmp -> Spyware.Cookie.Hitslink : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005173.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005210.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005211.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005212.TXT -> Spyware.Cookie.2o7 
: Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005214.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005289.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005293.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005295.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005296.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005307.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005310.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005311.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005313.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005448.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005455.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005458.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\RECYCLER\NPROTECT\00005461.TXT -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup <br/> C:\WINDOWS\system32\bcradmo.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup <br/> C:\WINDOWS\system32\jdoae.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup <br/> C:\WINDOWS\system32\lk4pss.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup <br/> C:\WINDOWS\system32\pqbuw.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup <br/> C:\WINDOWS\system32\rastmon.dll -> Spyware.SafeSurfing : Cleaned with backup <br/> C:\WINDOWS\system32\sdksfsg.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. 
deluca@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup <br/> C:\WINDOWS\Temp\Cookies\j.p. deluca@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup <br/> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\056ZK9I3\launcher[1].exe -> Spyware.Maxifiles : Cleaned with backup <br/> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KH6JGLIB\zqactx1[1].exe -> Trojan.VB.aeq : Cleaned with backup <br/> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OL2FOLEF\freeprodtb[1].exe -> Spyware.Maxifiles : Cleaned with backup <br/> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WT6B4PUV\elitemediapop[1].exe -> Trojan.LowZones.am : Cleaned with backup <br/> C:\WINDOWS\Temp\zqactx1.exe -> Trojan.VB.aeq : Cleaned with backup <br/> <br/> <br/>::Report End <br/> <br/> <br/>Here is the Trackqoo report: <br/> <br/>REGEDIT4 <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" <br/>"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe" <br/>"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" <br/>"Cpqset"="C:\\Program 
Files\\HPQ\\Default Settings\\cpqset.exe"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Subkey --- fgtymxqt
{3b57ad1d-7d42-4417-b88d-7d5d83d55c1c}
C:\WINDOWS\system32\jdoae.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
==============================
C:\Documents and Settings\J.P. DeLuca\Start Menu\Programs\Startup

desktop.ini
desktop.ini
==============================
C:\WINDOWS\system32 cpl files

access.cpl Microsoft Corporation
ADPanel.cpl Iomega Corporation
appwiz(2).cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
btcpl.cpl WIDCOMM, Inc.
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wtcpl.cpl WildTangent, Inc.
wuaucpl.cpl Microsoft Corporation

Here is the WinPFind report:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
ad-w-a-r-e.com 11/1/2005 8:49:02 PM 747068 C:\WINDOWS\setupapi.log

Checking %System% folder...
PEC2 3/30/2003 9:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 7/7/2005 9:31:32 PM 398742 C:\WINDOWS\SYSTEM32\Jqdlovk1.xml
PTech 7/12/2005 5:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 10/2/2005 6:40:46 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/2/2005 6:40:46 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
FSG! 8/4/2005 10:26:44 PM 398742 C:\WINDOWS\SYSTEM32\Nnufvzk1.xml
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 5/16/2002 5:12:30 PM 117248 C:\WINDOWS\SYSTEM32\SKCL.dll
FSG! 2/12/2005 8:29:24 PM 398742 C:\WINDOWS\SYSTEM32\Tqjuiak1.xml
winsync 3/30/2003 9:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
FSG! 7/7/2005 11:12:58 PM 398742 C:\WINDOWS\SYSTEM32\Ztyeghk1.xml

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com

qoologic 11/3/2005 11:19:50 PM 2207 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak
urllogic 11/3/2005 11:19:50 PM 2207 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/6/2005 5:51:22 PM S 2048 C:\WINDOWS\bootstat.dat
11/6/2005 5:49:54 PM H 24 C:\WINDOWS\pvHxa
10/24/2005 4:02:40 AM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_66.cab
10/4/2005 8:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 10:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/9/2005 6:15:08 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
11/6/2005 7:24:32 PM H 28672 C:\WINDOWS\system32\config\default.LOG
11/6/2005 5:52:36 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
11/6/2005 5:51:24 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
11/6/2005 7:39:08 PM H 258048 C:\WINDOWS\system32\config\software.LOG
11/6/2005 5:52:14 PM H 1208320 C:\WINDOWS\system32\config\system.LOG
10/25/2005 11:56:56 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/24/2005 11:43:00 PM S 6429 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
10/24/2005 11:42:46 PM S 17881 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
10/24/2005 11:43:00 PM S 120 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
10/24/2005 11:42:46 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
10/6/2005 12:17:02 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0cd202bd-53a9-4a9e-8bc3-9ef08538c5ab
10/6/2005 12:17:02 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
11/6/2005 5:50:20 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Iomega Corporation 9/24/2002 4:44:10 PM 151552 C:\WINDOWS\SYSTEM32\ADPanel.cpl
Microsoft Corporation 3/30/2003 9:00:00 PM 578560 C:\WINDOWS\SYSTEM32\appwiz(2).cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
WIDCOMM, Inc. 9/12/2003 10:43:12 AM 245819 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 11/12/2003 7:31:00 PM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/30/2003 9:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/30/2003 9:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/8/2004 1:12:42 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/30/2003 9:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 2:53:44 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 3/30/2003 9:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 3/30/2003 9:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/16/2003 8:09:48 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/16/2003 1:00:28 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/16/2004 8:51:42 PM 11 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
11/12/2003 8:00:02 PM 237 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
7/16/2003 8:09:48 AM HS 84 C:\Documents and Settings\J.P. DeLuca\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/16/2003 1:00:28 AM HS 62 C:\Documents and Settings\J.P. DeLuca\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fgtymxqt
  {3b57ad1d-7d42-4417-b88d-7d5d83d55c1c} = C:\WINDOWS\system32\jdoae.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
  {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
  {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
  {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
  {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
  Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
  {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
  {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
  {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
  {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
  = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
  &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
  MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
  ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
  MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
  ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
  ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
  ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
  =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
  Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
  Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
  {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
  {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
  {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  Apoint C:\Program Files\Apoint2K\Apoint.exe
  ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
  cmdService 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
  path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
  backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
  location Common Startup
  command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
  item Adobe Reader Speed Launch
  path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
  backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
  location Common Startup
  command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
  item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ndpa.exe
  path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndpa.exe
  backup C:\WINDOWS\pss\ndpa.exeCommon Startup
  location Common Startup
  command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndpa.exe
  item ndpa
  path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndpa.exe
  backup C:\WINDOWS\pss\ndpa.exeCommon Startup
  location Common Startup
  command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ndpa.exe
  item ndpa

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk
  path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
  backup C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
  location Common Startup
  command C:\PROGRA~1\Quicken\bagent.exe
  item Quicken Scheduled Updates
  path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
  backup C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
  location Common Startup
  command C:\PROGRA~1\Quicken\bagent.exe
  item Quicken Scheduled Updates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ACTX1
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item actx1
  hkey HKLM
  command C:\WINDOWS\system32\actx1.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item actx1
  hkey HKLM
  command C:\WINDOWS\system32\actx1.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\actx1.exe
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item actx1
  hkey HKCU
  command C:\WINDOWS\system32\actx1.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item actx1
  hkey HKCU
  command C:\WINDOWS\system32\actx1.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADUserMon
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item ADUserMon
  hkey HKLM
  command C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item ADUserMon
  hkey HKLM
  command C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item aim
  hkey HKCU
  command C:\Program Files\AIM\aim.exe -cnetwait.odl
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item aim
  hkey HKCU
  command C:\Program Files\AIM\aim.exe -cnetwait.odl
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AnyDVD
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item AnyDVD
  hkey HKLM
  command "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item AnyDVD
  hkey HKLM
  command "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CamMonitor
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item hpqcmon
  hkey HKLM
  command C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item hpqcmon
  hkey HKLM
  command C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CEWcbe
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item ttlijtte
  hkey HKLM
  command C:\WINDOWS\ttlijtte.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item ttlijtte
  hkey HKLM
  command C:\WINDOWS\ttlijtte.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item CloneCDTray
  hkey HKLM
  command "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item CloneCDTray
  hkey HKLM
  command "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Contextual Tool
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item ZQInContextactx1
  hkey HKLM
  command C:\WINDOWS\system32\ZQInContextactx1.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item ZQInContextactx1
  hkey HKLM
  command C:\WINDOWS\system32\ZQInContextactx1.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Deskup
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item deskup
  hkey HKLM
  command C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item deskup
  hkey HKLM
  command C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eabconfg.cpl
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item EabServr
  hkey HKLM
  command C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item EabServr
  hkey HKLM
  command C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\elitemedia
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item elitemediapop
  hkey HKLM
  command C:\WINDOWS\elitemediapop.exe
  inimapping 0
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  item elitemediapop
  hkey HKLM
  command C:\WINDOWS\elitemediapop.exe
  inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eltgdps4.exe
  key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<br/> item eltgdps4 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\eltgdps4.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item eltgdps4 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\eltgdps4.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fran-super.exe <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item fran-super <br/> hkey HKCU <br/> command C:\WINDOWS\system32\fran-super.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item fran-super <br/> hkey HKCU <br/> command C:\WINDOWS\system32\fran-super.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\installer.exe <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item installer <br/> hkey HKCU <br/> command C:\WINDOWS\system32\installer.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item installer <br/> hkey HKCU <br/> command C:\WINDOWS\system32\installer.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item optimize <br/> hkey HKLM <br/> command "C:\Program Files\Internet Optimizer\optimize.exe" <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item optimize <br/> hkey HKLM <br/> command "C:\Program Files\Internet Optimizer\optimize.exe" <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iomega Drive Icons <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item ImgIcon <br/> hkey HKLM <br/> command C:\Program Files\Iomega\DriveIcons\ImgIcon.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item ImgIcon <br/> hkey HKLM <br/> command C:\Program Files\Iomega\DriveIcons\ImgIcon.exe <br/> inimapping 0 <br/> 
<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\irassync <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item irasyncd <br/> hkey HKCU <br/> command C:\WINDOWS\system32\irasyncd.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item irasyncd <br/> hkey HKCU <br/> command C:\WINDOWS\system32\irasyncd.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item istsvc <br/> hkey HKLM <br/> command C:\Program Files\ISTsvc\istsvc.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item istsvc <br/> hkey HKLM <br/> command C:\Program Files\ISTsvc\istsvc.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item iTunesHelper <br/> hkey HKLM <br/> command C:\Program Files\iTunes\iTunesHelper.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item iTunesHelper <br/> hkey HKLM <br/> command C:\Program Files\iTunes\iTunesHelper.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mc-110-12-0000122.exe <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item mc-110-12-0000122 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\mc-110-12-0000122.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item mc-110-12-0000122 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\mc-110-12-0000122.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item mmtask <br/> hkey HKLM <br/> command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe <br/> inimapping 0 <br/> key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item mmtask <br/> hkey HKLM <br/> command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item mm_tray <br/> hkey HKLM <br/> command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item mm_tray <br/> hkey HKLM <br/> command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item msmsgs <br/> hkey HKCU <br/> command "C:\Program Files\Messenger\msmsgs.exe" /background <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item msmsgs <br/> hkey HKCU <br/> command "C:\Program Files\Messenger\msmsgs.exe" /background <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msresearch <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item msresearch <br/> hkey HKLM <br/> command C:\windows\msresearch.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item msresearch <br/> hkey HKLM <br/> command C:\windows\msresearch.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Scan <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item powerscan <br/> hkey HKLM <br/> command C:\Program Files\Power Scan\powerscan.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item powerscan <br/> hkey HKLM <br/> command C:\Program Files\Power Scan\powerscan.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qkwz <br/> key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item qkwzm <br/> hkey HKCU <br/> command C:\PROGRA~1\COMMON~1\qkwz\qkwzm.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item qkwzm <br/> hkey HKCU <br/> command C:\PROGRA~1\COMMON~1\qkwz\qkwzm.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item qttask <br/> hkey HKLM <br/> command "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item qttask <br/> hkey HKLM <br/> command "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recovery system <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item turbo tax 2003 deluxe - keygeo (1) <br/> hkey HKLM <br/> command c:\my shared folder\turbo tax 2003 deluxe - keygeo (1).exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item turbo tax 2003 deluxe - keygeo (1) <br/> hkey HKLM <br/> command c:\my shared folder\turbo tax 2003 deluxe - keygeo (1).exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxioEngineUtility <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item EngUtil <br/> hkey HKLM <br/> command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item EngUtil <br/> hkey HKLM <br/> command "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sais <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item sais <br/> hkey HKLM <br/> command c:\program files\180solutions\sais.exe <br/> inimapping 0 
<br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item sais <br/> hkey HKLM <br/> command c:\program files\180solutions\sais.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sdat <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item sdat <br/> hkey HKLM <br/> command C:\WINDOWS\system32\yloy\sdat.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item sdat <br/> hkey HKLM <br/> command C:\WINDOWS\system32\yloy\sdat.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\secure <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item Tqjuia <br/> hkey HKLM <br/> command C:\WINDOWS\System32\Tqjuia.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item Tqjuia <br/> hkey HKLM <br/> command C:\WINDOWS\System32\Tqjuia.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item hpgs2wnd <br/> hkey HKLM <br/> command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item hpgs2wnd <br/> hkey HKLM <br/> command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item SNDMon <br/> hkey HKLM <br/> command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item SNDMon <br/> hkey HKLM <br/> command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vct <br/> key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item vct <br/> hkey HKLM <br/> command C:\WINDOWS\vct.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item vct <br/> hkey HKLM <br/> command C:\WINDOWS\vct.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\version <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item Axfiwc <br/> hkey HKLM <br/> command C:\WINDOWS\System32\Axfiwc.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item Axfiwc <br/> hkey HKLM <br/> command C:\WINDOWS\System32\Axfiwc.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item ViewMgr <br/> hkey HKLM <br/> command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item ViewMgr <br/> hkey HKLM <br/> command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item WebRebates0 <br/> hkey HKLM <br/> command "C:\Program Files\Web_Rebates\WebRebates0.exe" <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item WebRebates0 <br/> hkey HKLM <br/> command "C:\Program Files\Web_Rebates\WebRebates0.exe" <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsync <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item lk4pss <br/> hkey HKLM <br/> command C:\WINDOWS\system32\lk4pss.exe reg_run <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item lk4pss <br/> hkey HKLM <br/> command C:\WINDOWS\system32\lk4pss.exe reg_run <br/> inimapping 0 <br/> 
<br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zqactx1.exe <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item zqactx1 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\zqactx1.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item zqactx1 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\zqactx1.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZQInContextactx1.exe <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item ZQInContextactx1 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\ZQInContextactx1.exe <br/> inimapping 0 <br/> key SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> item ZQInContextactx1 <br/> hkey HKCU <br/> command C:\WINDOWS\system32\ZQInContextactx1.exe <br/> inimapping 0 <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state <br/> system.ini 0 <br/> win.ini 0 <br/> bootini 2 <br/> services 0 <br/> startup 2 <br/> <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum <br/> {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL <br/> {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = <br/> {0DF44EAA-FF21-4412-828E-260A8728E7F1} = <br/> <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system <br/> dontdisplaylastusername 0 <br/> legalnoticecaption <br/> legalnoticetext <br/> shutdownwithoutlogon 1 <br/> undockwithoutlogon 1 <br/> <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] <br/> <br/>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer <br/> NoDriveTypeAutoRun 145 <br/> <br/> 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <br/> PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll <br/> CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll <br/> WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll <br/> SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] <br/> UserInit = C:\WINDOWS\system32\userinit.exe, <br/> Shell = Explorer.exe <br/> System = <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain <br/> = crypt32.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet <br/> = cryptnet.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll <br/> = cscdll.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp <br/> = wlnotify.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule <br/> = wlnotify.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy <br/> = sclgntfy.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn <br/> = WlNotify.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv <br/> = wlnotify.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon <br/> = wlnotify.dll <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif <br/> = wzcdlg.dll <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Image File Execution Options] <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path <br/> Debugger = ntsd -d <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] <br/> AppInit_DLLs <br/> <br/> <br/>»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» <br/>WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. <br/>Scan completed on 11/6/2005 7:47:43 PM <br/> <br/> <br/>Here is the HijackThis report: <br/> <br/>Logfile of HijackThis v1.99.1 <br/>Scan saved at 8:05:23 PM, on 11/6/2005 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe <br/>C:\Program Files\ewido\security suite\ewidoctrl.exe <br/>C:\PROGRA~1\Iomega\System32\AppServices.exe <br/>C:\Program Files\Norton AntiVirus\navapsvc.exe <br/>C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe <br/>C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe <br/>C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe <br/>C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\WINDOWS\System32\MsPMSPSv.exe <br/>C:\Program Files\Iomega\AutoDisk\ADService.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Apoint2K\Apoint.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe 
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\J.P. DeLuca\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122692227411
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62EEC3F-D535-11D1-A663-006008AC53FC} (EngageTreeView Class) - http://cartman.engagenet.com/aem/Controls/EngageTree.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://secure.nypa.gov/secure/cds/CGC/en/CSGProxy.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Posted 11/7/2005 2:24 PM
#22688

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks clean to me ;-)

How are things running now?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/7/2005 8:02 PM
#22711

J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Much better, the pop-ups are dead and the speed seems to be back up. I have not checked my processor usage at idle to see that there is nothing running that would hinder my speed, but it should be nil. Thanks for all your help!

I have a few questions:

1) How do I prevent this from happening again?

2) How do I put my settings back? (system files / hidden folders / etc.)

3) Is there a way to reset my tea timer so that malicious files I may have allowed to pass need to be blocked?

4) Why didn't the combination of Spybot, Tea Timer, Ad-Aware and Norton clean and detect all those files?

5) Is it safe to assume that the latest HijackThis log is clean, and in the future if I come across problems I should delete anything that does not match up to the current log?

Posted 11/8/2005 9:52 AM
#22740

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
1-2 =

I suggest you install these:

Spywareblaster
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web.
And unlike other programs, SpywareBlaster does not have to remain running in the background.

Spywareguard
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

IE-SPYAD
IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Visit Microsoft and check for Critical Security Updates
Microsoft Update

3-
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Check Teatimer box.

4. Good question, but nothing is 100 percent safe

5. I recommend you don't fix anything in hijackthis, as legal programs are shown in the log as well

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/21/2005 5:59 PM
#23563
J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Touch...are you still there?

Things have been going great until 2 days ago then all hell broke loose. I've been using the hibernate option instead of shut down for convenience but I'm not sure if that was the trigger for all of the following:

My computer slowed down to the point where if I close out of programs and open new ones too fast it will lock up and freeze.

I'm getting a few pop-ups...nothing crazy.

My real concern is the odd behavior of Windows. When I go into system properties, device manager, there is absolutely nothing on the list. I'm connected to the internet yet there is no sign of my wireless connection or even any hardware.

Additionally....when I open up 3 programs simultaneously, the 3rd program will have 2 icons in the task bar as if it is open twice.

Whenever I shut down my computer I get an error that disappears quickly but says something like, "can not initiate ____.DLL"

I tried doing a system restore to when we last communicated but my computer says system restore incomplete on the boot up. This happens on any restore point I try.
Posted 11/21/2005 6:53 PM
#23565
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
That's odd :rolleyes:

Post a new logfile -

Download:
Hijackthis

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/22/2005 12:59 PM
#23604
J.P.D. Valued member

Date Joined Nov 2016
Total Posts: 19
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:17:21 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Documents and Settings\J.P. DeLuca\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122692227411
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62EEC3F-D535-11D1-A663-006008AC53FC} (EngageTreeView Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) -
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
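
As an added illustration, not part of any post in this thread: a Python parser for HijackThis entry lines like those in the log above. It groups entries by section code and singles out only those that reference a missing file or an ActiveX object with no recorded source, leaving the many legitimate entries alone. The sample lines are copied from the log above; the function names and the two note labels are this example's own heuristic, not HijackThis output.

```python
import re
from collections import Counter

# Subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Entry lines start with a section code (R1, O2, O16, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID.search(body)
        if body.endswith("(no file)"):
            note = "orphan"      # registry entry points at a file that is gone
        elif code == "O16" and body.endswith("-"):
            note = "no-source"   # ActiveX entry with no download URL recorded
        else:
            note = ""            # nothing to say from the log line alone
        entries.append({"code": code, "body": body, "note": note,
                        "clsid": clsid.group(0) if clsid else None})
    return entries

def review_list(entries):
    """Entries worth asking a helper about; everything else is left untouched."""
    return [e for e in entries if e["note"]]

def by_section(entries):
    """Count of entries per HijackThis section code."""
    return dict(Counter(e["code"] for e in entries))

if __name__ == "__main__":
    for e in review_list(parse(SAMPLE_LOG)):
        print(e["code"], e["note"], e["clsid"])
```

A note on an entry is a prompt for a closer look, not a verdict; removal decisions stay with whoever is reviewing the full log.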
Posted 11/22/2005 2:07 PM
#23607
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download SilentRunner: http://www.silentrunners.org/sr_download.html
Run it, have it save a logfile and post it here as - new topic: http://www.bullguard.com/forum/10/

- Thanks ;-)

I'll lock this thread, it's become too long.

Call your post-touch look here, I'll find it

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

