
Help...Pop-Ups Everywhere

Discussion in 'Virus & Other Malware Removal' started by samalama, Jul 28, 2006.

  1. samalama

    samalama Thread Starter

    Someone help... I'm getting pop-ups like crazy and I have done all I can think of to get rid of them. I've used Spy Sweeper and done a scan and also used Spybot and Ad-Aware SE and nothing is working. Any help would be appreciated. I am including my HijackThis log below. Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 11:17:32 PM, on 7/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\AOL\1130736379\ee\aolsoftware.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/Home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/Home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O4 - HKLM\..\Run: [{BD-DD-DF-F2-ZN}] C:\WINDOWS\system32\oldsregs.exe CORN003
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\twinmpez.exe CORN003
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [uuru] C:\PROGRA~1\COMMON~1\uuru\uurum.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinmpez.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\oldsregs.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.sxload.com
    O15 - Trusted Zone: *.adgate.info (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.matcash.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.snipernet.biz (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.1.cab
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129145866984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129148482859
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.70.10.0_MEGAPANEL_USA.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://www.one2one.com/static/class/WMOggPlayer.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\System32\xeymi.dll
    O20 - AppInit_DLLs: inicfg32.dll C:\WINDOWS\System32\nopdb.dll
    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\n6l8lg3u16.dll
    O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  2. valis

    valis Moderator

    Yes, you've got a few there... a CoolWeb variant that is sort of sticky too... wait for an expert; if no help by this time tomorrow, I'll do my best to either assist or track down someone.

    v
     
  3. valis

    valis Moderator

    In the meantime, please do the following:
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.


    * Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need to run Ewido and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"
    * Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    * Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    * Ewido will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
    * If you have any infections you will be prompted, then select "Apply all actions"
    * Next select the "Reports" icon at the top.
    * Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    * Close Ewido and reboot your system back into Normal Mode.

    Also post a new HJT log.
     
  4. Flrman1

    Flrman1

    Click here to download Combofix and save it to your desktop.

    • Double click on combo.exe & follow the prompts.
    • When finished, it will produce a logfile located at C:\ComboFix.txt.
    • Post the contents of that log in your next reply with a new hijackthis log.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
     
  5. Flrman1

    Flrman1

    Please skip ewido for now and run the combofix.

    Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
     
  6. samalama

    samalama Thread Starter

    OK, I'm trying all of that now. I will post a new log as soon as it has all finished.
     
  7. samalama

    samalama Thread Starter

    Here is the list from HijackThis:


    3D Groove Playback Engine
    Ad-Aware SE Personal
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Instant Messenger
    AOL Spyware Protection
    AOL Uninstaller (Choose which Products to Remove)
    CardRd81
    CCHelp
    CCScore
    CR2
    Dell ResourceCD
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSCT
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTUTOR
    ESSvpaht
    ESSvpot
    ewido anti-spyware 4.0
    ewido security suite
    Harry Potter - Quidditch World Cup
    Harry Potter and the Prisoner of Azkaban(TM)
    Harry Potter II
    HijackThis 1.99.1
    HLPCCTR
    HLPIndex
    HLPPDOCK
    HLPRFO
    hp deskjet 930c series (Remove only)
    HP Mini Celebrate Kit
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer Toolbar - Intelligent Explorer
    iPod for Windows 2005-09-23
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Photo Album 5
    Kodak EasyShare software
    KSU
    Live Homework Help
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft AntiSpyware
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Money 2006
    Microsoft Office XP Standard for Students and Teachers
    Microsoft Speech Recognition Engine 4.0 (English)
    MSN Messenger 7.5
    MSN Music Assistant
    Musicmatch® Jukebox
    My Wal-Mart Digital Photo Center
    Notifier
    Optimum Online net guide
    OTtBP
    OTtBPSDK
    PCDLNCH
    Photo Story 3 for Windows
    Plaxo Toolbar for Outlook (with AIM Enhancements)
    PowerDVD
    PrintMaster Gold 4.00
    QuickTime
    RealArcade
    RealPlayer
    Rhapsody Player Engine
    RollerCoaster Tycoon 3
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905495)
    Security Update for Windows XP (KB905749)
    SFR
    SFR2
    Shockwave
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Spy Sweeper
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.4
    Update for Windows XP (KB898461)
    Update Manager
    VCAMCEN
    Viewpoint Media Player
    VPRINTOL
    Walgreens PhotoShow Deluxe
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885626
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB896688
    Windows XP Service Pack 2
    WordPerfect - MAIL
    WordPerfect Office X3
    wr_05_td_screen Screen Saver
     
  8. valis

    valis Moderator

    Thanks Flrman1, as usual.
     
  9. Flrman1

    Flrman1

    Did you do this?:
     
  10. samalama

    samalama Thread Starter

    I did this:
    Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

    When I do the Combofix, it shuts down my computer and restarts it but that's it.
     
  11. samalama

    samalama Thread Starter

    The ewido log:

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:00:15 AM 7/29/2006

    + Scan result:



    C:\Documents and Settings\rich\Local Settings\Temp\18011D.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\ICD1.tmp\SAIX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\Tspd.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\epkngmgk.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\iimhaajd.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\thiselt.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\My Documents\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\!KillBox\weblookup.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Program Files\HijackThis\backups\backup-20051012-125855-732.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Program Files\Batty\Batty.exe -> Adware.CASClient : Cleaned with backup (quarantined).
    C:\WINDOWS\casinoc.exe -> Adware.Casino : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temp\temp.frB55D -> Adware.E2Give : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [1016] C:\WINDOWS\system32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [1108] C:\WINDOWS\System32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [1332] C:\WINDOWS\System32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [1372] C:\WINDOWS\System32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [728] C:\WINDOWS\system32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [924] C:\WINDOWS\system32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    C:\WINDOWS\system32\nsk8B.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\aaa00000.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\ieunst.exe -> Adware.IEPlug : Cleaned with backup (quarantined).
    C:\WINDOWS\System32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\__delete_on_reboot__d_n_s_e_n_h_._d_l_l_ -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\en2ml1f11.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ir64l5jq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ktn4l75q1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\l22s0cf7ef2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mv84l9lq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wbnotify.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wfnnls.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    [2040] C:\WINDOWS\system32\dnsenh.dll -> Adware.Look2Me : Error during cleaning.
    C:\Documents and Settings\rich\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temp\temp.frEE45 -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\Program Files\PSHope\PSHope.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ati2evxx.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\chkntfs.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\C7BC.tmp/cvn0.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\WINDOWS\System32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\WINDOWS\System32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\01083070\1844.tmp -> Adware.ShopNav : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\C7BC.tmp/zqskw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\F5B1B.tmp/bdpn.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\System32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\bdpn.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\i1B.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\i1F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\i33.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINDOWS\getnexus.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Downloads\MCFHuntsville-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Downloads\MysteryCaseFilesGESetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Downloads\PrimeSuspectsGENSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\SAISetup.exe -> Adware.Zango : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ZICORN003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dsreg.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mwinnez.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\zigi.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\dc.exe -> Backdoor.Haxdoor.jr : Cleaned with backup (quarantined).
    [1084] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1276] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1324] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1492] C:\WINDOWS\system32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1620] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1636] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1660] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1696] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1720] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1748] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1760] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [1824] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [220] C:\WINDOWS\system32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [2336] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [264] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [268] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    [500] C:\WINDOWS\System32\xmm13g.dll -> Backdoor.Haxdoor.jr : Error during cleaning.
    C:\WINDOWS\dollar.exe -> Downloader.Adload.az : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temporary Internet Files\Content.IE5\A29YRQ9U\loader[1].exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temporary Internet Files\Content.IE5\W363CYSF\loader[1].exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\dist13.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
    C:\WINDOWS\zuckdha.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
    C:\fym9bvo.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
    C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\installer.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\WINDOWS\webnexus.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\installerwnusnewer.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\w1458475.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\lt.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
    C:\WINDOWS\id.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\ac2_0004.exe -> Downloader.Small.cpu : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\ac2_0006.exe -> Downloader.Small.cpu : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\start.exe -> Downloader.Small.csh : Cleaned with backup (quarantined).
    C:\Program Files\MSN Gaming Zone\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
    C:\ac3_0003.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\uuru\uurup.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
    C:\WINDOWS\ts.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\stub_113_4_0_4_0newer.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\WINDOWS\sys02266950670-1.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
    C:\WINDOWS\win320970-12669506.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
    C:\WINDOWS\win32100-126695067.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
    C:\WINDOWS\win32100-1266950672006.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
    C:\WINDOWS\mkqdjubA.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
    C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
    C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
    C:\WINDOWS\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ld101.tmp -> Downloader.Zlob.ux : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.ux : Cleaned with backup (quarantined).
    C:\visfx500new.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
    C:\626_101newer.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\echo.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
    C:\SS1001newer.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temporary Internet Files\Content.IE5\1PQ2N8JZ\popup[2].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Local Settings\Temporary Internet Files\Content.IE5\1PQ2N8JZ\popup[3].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-21-1229272821-1935655697-725345543-1005\Dc123.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\unin101.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\F5B1B.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\pre.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\desuni.exe -> Logger.VB.eh : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\ICD6.tmp\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\SystemDoctor2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temporary Internet Files\Content.IE5\KDA78XYR\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temporary Internet Files\Content.IE5\812B0X6N\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][3].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Click2begin : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][2].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
    C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Need2find : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\samantha\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\entry.dll -> Trojan.Agent.qg : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\redistribute.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\redist.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\redistributor.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\ICD3.tmp\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temporary Internet Files\Content.IE5\O7LN2Q7P\installdrivecleanerstart[1].cab/UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
    C:\WINDOWS\wnu_92.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\F5B1B.tmp/xd7ehbkw.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\xd7ehbkw.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\Documents and Settings\rich\Local Settings\Temp\kvn.exe -> Trojan.Sinowal.l : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.l : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll -> Trojan.Sinowal.l : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll -> Trojan.Sinowal.l : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{B47BDDF2-0AE8-1033-0220-040416200001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
    C:\WINDOWS\CCZoop05.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


    ::Report end
     
  12. Flrman1

    * Go to Add/Remove programs and uninstall these:

    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Viewpoint Media Player



    * Now go here and install the latest version of Java.


    * Click here to download Look2Me-Destroyer.exe and save it to your desktop.
    • Close all windows before continuing.
    • Double-click Look2Me-Destroyer.exe to run it.
    • Put a check next to Run this program as a task.
    • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
    • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
    • Once it's done scanning, click the Remove L2M button.
    • You will receive a Done Scanning message, click OK.
    • When completed, you will receive this message:
      • Done removing infected files! Look2Me-Destroyer will now shutdown your computer
    • Click OK, then your computer will shut down.
    • Wait 60 seconds then turn your computer back on.
    • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
    If Look2Me-Destroyer does not reopen automatically, reboot and try again.

    If you receive a message from your firewall about this program accessing the internet, please allow it.

    If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
     
  13. samalama

    Here is the log from Look2Me:


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 7/29/2006 2:49:05 PM

    Infected! C:\WINDOWS\system32\jt8407lqe.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096879.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096914.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097004.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097013.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097148.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097151.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098045.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098050.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098055.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098059.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098081.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098085.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098103.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098107.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098125.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098129.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098164.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098165.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098166.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098220.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098355.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098487.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098829.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098830.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098831.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098832.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098833.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098834.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098835.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098976.dll
    Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP393\A0099302.dll
    Infected! C:\WINDOWS\System32\guard.tmp

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\jt8407lqe.dll
    C:\WINDOWS\system32\jt8407lqe.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096879.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096879.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096914.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096914.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097004.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097004.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097013.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097013.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097148.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097148.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097151.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP387\A0097151.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098045.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098045.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098050.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098050.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098055.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098055.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098059.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098059.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098081.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098081.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098085.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP388\A0098085.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098103.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098103.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098107.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098107.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098125.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098125.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098129.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098129.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098164.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098164.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098165.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098165.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098166.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098166.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098220.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098220.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098355.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098355.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098487.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098487.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098829.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098829.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098830.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098830.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098831.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098831.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098832.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098832.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098833.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098833.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098834.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098834.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098835.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098835.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098976.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP389\A0098976.dll could not be deleted!

    Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP393\A0099302.dll
    C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP393\A0099302.dll could not be deleted!

    Attempting to delete: C:\WINDOWS\System32\guard.tmp
    C:\WINDOWS\System32\guard.tmp could not be deleted!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{70CCEDE9-1507-47E3-854A-EEF90D5F97D0}"
    HKCR\Clsid\{70CCEDE9-1507-47E3-854A-EEF90D5F97D0}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{61A048D6-0950-40E1-8F59-E2E3132D7755}"
    HKCR\Clsid\{61A048D6-0950-40E1-8F59-E2E3132D7755}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded


    And here is the Hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:55:11 PM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/Home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/Home
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uuru] C:\PROGRA~1\COMMON~1\uuru\uurum.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinmpez.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\oldsregs.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.sxload.com
    O15 - Trusted Zone: *.adgate.info (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.matcash.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.snipernet.biz (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.1.cab
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129145866984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129148482859
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.70.10.0_MEGAPANEL_USA.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://www.one2one.com/static/class/WMOggPlayer.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} (XMRADIO.XM_SystemProfiler) - http://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\System32\xeymi.dll
    O20 - AppInit_DLLs: inicfg32.dll
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\jt8407lqe.dll
    O20 - Winlogon Notify: xmm13g - xmm13g.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
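
An added example (not part of the thread and not output of either tool): it cross-references the Look2Me-Destroyer lines with the HijackThis log from the post above, to show which file that could not be deleted still has a load point registered. The function names are made up for this sketch, and the two inputs are short excerpts of the logs above, not the complete logs.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive), usable on any OS

# Excerpts copied from the Look2Me-Destroyer log above (shortened).
LOOK2ME_LOG = r"""
Infected! C:\WINDOWS\system32\jt8407lqe.dll
Infected! C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096879.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete: C:\WINDOWS\system32\jt8407lqe.dll
C:\WINDOWS\system32\jt8407lqe.dll could not be deleted!

Attempting to delete: C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096879.dll
C:\System Volume Information\_restore{2E881DA6-0AC4-40B1-92D2-B1176FB40A9F}\RP386\A0096879.dll could not be deleted!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp could not be deleted!
"""

# Excerpts copied from the HijackThis log above (shortened).
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\System32\xeymi.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\jt8407lqe.dll
O20 - Winlogon Notify: xmm13g - xmm13g.dll (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
"""

INFECTED_RE = re.compile(r"^[ \t]*Infected![ \t]+(.+?)[ \t]*$", re.M)
UNDELETED_RE = re.compile(r"^[ \t]*(.+?)[ \t]+could not be deleted![ \t]*$", re.M)
# Only the O-sections are parsed: "O20 - Winlogon Notify: <detail>".
HJT_RE = re.compile(r"^[ \t]*(O\d+) - ([^:\n]+):[ \t]*(.*?)[ \t]*$", re.M)


def parse_look2me(text):
    """Map each flagged path (normalised) to what the log says about it."""
    undeleted = {normcase(p) for p in UNDELETED_RE.findall(text)}
    findings = {}
    for path in INFECTED_RE.findall(text):
        key = normcase(path)
        findings[key] = {
            "path": path,
            # Only the failure message is known from the log above, so the
            # absence of it is not treated as proof of a successful delete.
            "delete_failed": key in undeleted,
            # Copies kept by System Restore are not load points themselves.
            "restore_point": "\\system volume information\\_restore" in key,
        }
    return findings


def parse_hijackthis(text):
    """Return the O-section entries as dicts: section, kind, detail."""
    return [
        {"section": sec, "kind": kind.strip(), "detail": detail}
        for sec, kind, detail in HJT_RE.findall(text)
    ]


def still_referenced(look2me_text, hijackthis_text):
    """Live files whose deletion failed, with the HijackThis entries naming them."""
    entries = parse_hijackthis(hijackthis_text)
    results = []
    for key, finding in parse_look2me(look2me_text).items():
        if finding["restore_point"] or not finding["delete_failed"]:
            continue
        name = key.rsplit("\\", 1)[-1]
        name_re = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])")
        hits = []
        for entry in entries:
            target = normcase(entry["detail"])
            if key in target:
                hits.append((entry["section"], entry["kind"], "full path"))
            elif name_re.search(target):
                # Entries such as AppInit_DLLs list a bare file name.
                hits.append((entry["section"], entry["kind"], "file name only"))
        results.append({"path": finding["path"], "references": hits})
    return results


if __name__ == "__main__":
    for item in still_referenced(LOOK2ME_LOG, HIJACKTHIS_LOG):
        refs = item["references"] or ["no load point in this excerpt"]
        print(item["path"], "->", refs)
```

On these excerpts the only undeleted live file with a registered load point is jt8407lqe.dll, through the O20 Winlogon Notify entry.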
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Download L2mfix from here or here.

    • Save the file to your desktop and double click l2mfix.exe.
    • Click the Install button to extract the files and follow the prompts.
    • Open the newly added l2mfix folder on your desktop.
    • Double click l2mfix.bat and click Accept after reading the agreement.
    • At the next screen, press any key on your keyboard to continue.
    • Select option #1 for Run Find Log by typing 1 and then pressing enter.
    • This will scan your computer and it may appear nothing is happening.
    • After a minute or two, notepad will open with a log.
    • Copy the contents of that log and paste it into this thread.
    • IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    * Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." ...then do one of the following:

    • 1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
    • 2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there.
    • Do not run the fix portion without fixing the error first.
    • After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.
     
  15. samalama

    samalama Thread Starter

    Joined:
    Oct 11, 2005
    Messages:
    73
    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\jt8407lqe.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmm13g]
    "secureUID"="[32529368734059059424]"
    "DllName"=hex(2):78,00,6d,00,6d,00,31,00,33,00,67,00,2e,00,64,00,6c,00,6c,00,\
    00,00
    "Startup"="DsWinlogon"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    "MaxWait"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{DCE984D4-DD01-0CDD-538D-29D126945113}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
    "{80E2AB5A-A6C5-4e04-B4E4-11F6AB2A1D39}"="Default"
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
    "{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
    "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{61A048D6-0950-40E1-8F59-E2E3132D7755}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{61A048D6-0950-40E1-8F59-E2E3132D7755}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{61A048D6-0950-40E1-8F59-E2E3132D7755}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{61A048D6-0950-40E1-8F59-E2E3132D7755}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{61A048D6-0950-40E1-8F59-E2E3132D7755}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smrio800.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    battyrun.dll Thu Jun 29 2006 10:07:36a A.... 61,440 60.00 K
    hrpo05~1.dll Sat Jul 29 2006 2:51:06p ..S.R 236,595 231.05 K
    inicfg32.dll Sat May 27 2006 5:35:54a A.... 53,248 52.00 K
    jt8407~1.dll Sat Jul 29 2006 7:56:54a ..S.R 236,595 231.05 K
    lvl209~1.dll Sat Jul 29 2006 10:05:56a ..S.R 236,108 230.57 K
    pndx5016.dll Fri May 19 2006 10:36:10a A.... 6,656 6.50 K
    pndx5032.dll Fri May 19 2006 10:36:10a A.... 5,632 5.50 K
    rmoc3260.dll Fri May 19 2006 10:36:18a A.... 176,167 172.04 K
    smrio800.dll Sat Jul 29 2006 3:50:44p ..... 236,595 231.05 K

    9 items found: 9 files (3 H/S), 0 directories.
    Total of file sizes: 1,249,036 bytes 1.19 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    ld100.tmp Thu Jun 22 2006 4:08:10p A.... 52,232 51.01 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 52,232 bytes 51.01 K
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is B47B-DDF2

    Directory of C:\WINDOWS\System32

    07/29/2006 02:51 PM 236,595 hrpo0573e.dll
    07/29/2006 10:05 AM 236,108 lvl2093oe.dll
    07/29/2006 07:56 AM 236,595 jt8407lqe.dll
    07/03/2006 01:30 PM <DIR> dllcache
    05/18/2006 08:07 AM 5,852 KGyGaAvL.sys
    05/18/2006 08:07 AM 88 BE053BBCF2.sys
    09/05/2005 01:58 PM 56 F2BC3B05BE.sys
    08/31/2005 10:45 PM <DIR> Microsoft
    6 File(s) 715,294 bytes
    2 Dir(s) 2,615,750,656 bytes free
     
Short URL to this thread: https://techguy.org/487380
