
HJT log file.....help!

Discussion in 'Virus & Other Malware Removal' started by Crossoutmyeyez, Aug 1, 2006.

  1. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    Joined:
    Aug 1, 2006
    Messages:
    8
    Logfile of HijackThis v1.99.1
    Scan saved at 11:47:57 PM, on 8/1/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Y2FybWVsaXRhIHNtaXRo\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1132068026\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\program files\common files\aol\1132068026\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\{5891665A-0A62-1033-1202-030512200001}\Update.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\System Files\System.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\??crosoft\w?aclt.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\program files\common files\aol\1132068026\ee\aolsoftware.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uromm.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,gnvqwtw.exe
    O2 - BHO: (no name) - {88fa2e40-bad0-4c2e-b8dc-2306abc487e4} - C:\WINDOWS\system32\AVIFALE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132068026\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\COMMON~1\SSTEM~1\tracert.exe" -vt yazr
    O4 - HKCU\..\Run: [oiof] C:\PROGRA~1\COMMON~1\oiof\oiofm.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [Sxyvdfo] C:\Program Files\Common Files\??crosoft\w?aclt.exe
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    O4 - Global Startup: Newsflash.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBFDBB58-ACC3-427B-86CB-C19C34FD6E19}: NameServer = 85.255.113.109,85.255.112.94
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\System32\xeymi.dll
    O20 - Winlogon Notify: AVIFALE - C:\WINDOWS\SYSTEM32\AVIFALE.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\System32\redist.dll
    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\WKNSCARD.DLL (file missing)
    O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ktnql7551.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2FybWVsaXRhIHNtaXRo\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)


    I'm not sure what I'm looking at :confused: :confused: :confused:
    I keep getting several popups from time to time.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    You're very infected. We have a lot to do.

    Please download Qoofix by Rubber Ducky to your desktop.
    • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
    • Close all windows and programs, including internet windows.
    • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
    • Click Begin Removal and wait for the scan to finish
    • If Qoofix finds an infection, select yes to restart your computer
    • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt. Copy and paste the contents of that report into your next reply here.
     
  3. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    Qoofix v1.03 by http://www.malwarebytes.org
    Scan started on [8/3/2006] at [2:15:37 AM]
    -------------------------------------------------------------
    Terminated module: lpwidwi.dll found in Qoofix.exe (244)
    Terminated module: lpwidwi.dll found in RUNDLL32.EXE (1844)
    Terminated module: lpwidwi.dll found in fiximo.exe (2040)
    Terminated module: lpwidwi.dll found in EXPLORER.EXE (220)
    Terminated module: lpwidwi.dll found in uromm.exe (276)
    Terminated module: lpwidwi.dll found in uromm.exe (336)
    Terminated module: lpwidwi.dll found in uromm.exe (368)
    Terminated module: lpwidwi.dll found in hkcmd.exe (656)
    Terminated module: lpwidwi.dll found in IntelMEM.exe (692)
    Terminated module: lpwidwi.dll found in tfswctrl.exe (700)
    Terminated module: lpwidwi.dll found in PCMService.exe (516)
    Terminated module: lpwidwi.dll found in mm_tray.exe (164)
    Terminated module: lpwidwi.dll found in hpgs2wnd.exe (768)
    Terminated module: lpwidwi.dll found in AOLDial.exe (1024)
    Terminated module: lpwidwi.dll found in realplay.exe (1060)
    Terminated module: lpwidwi.dll found in jucheck.exe (1072)
    Terminated module: lpwidwi.dll found in aolsoftware.exe (1080)
    Terminated module: lpwidwi.dll found in CCAPP.EXE (1088)
    Terminated module: lpwidwi.dll found in qttask.exe (1140)
    Terminated module: lpwidwi.dll found in iTunesHelper.exe (1164)
    Terminated module: lpwidwi.dll found in hpgs2wnf.exe (1340)
    Terminated module: lpwidwi.dll found in DSAgnt.exe (1588)
    Terminated module: lpwidwi.dll found in oiofm.exe (1968)
    Terminated module: lpwidwi.dll found in w?aclt.exe (2112)
    Terminated module: lpwidwi.dll found in hpoojd07.exe (2228)
    Terminated module: lpwidwi.dll found in AOLSP Scheduler.exe (2344)
    Terminated module: lpwidwi.dll found in hpoevm07.exe (2688)
    Terminated module: lpwidwi.dll found in hpoipm07.exe (3244)
    Terminated module: lpwidwi.dll found in aolsoftware.exe (3292)
    Terminated module: lpwidwi.dll found in hposts07.exe (3736)
    Terminated module: lpwidwi.dll found in MSMSGS.EXE (676)
    Terminated module: lpwidwi.dll found in wuauclt.exe (3216)
    Terminated module: lpwidwi.dll found in EXPLORER.EXE (3184)
    -------------------------------------------------------------
    C:\WINDOWS\System32\fiximo.exe will be deleted on reboot!
    C:\WINDOWS\System32\gnvqwtw.exe will be deleted on reboot!
    C:\WINDOWS\System32\kgmlx.dat will be deleted on reboot!
    C:\WINDOWS\System32\lpwidwi.dll will be deleted on reboot!
    C:\WINDOWS\System32\uromm.exe will be deleted on reboot!
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wpjjs.exe will be deleted on reboot!
    C:\WINDOWS\unwn.exe will be deleted on reboot!
    C:\WINDOWS\System32\dmonwv.dll will be deleted on reboot!

    User prompted YES to reboot, system now rebooting...
    -------------------------------------------------------------
    Scan COMPLETED SUCCESSFULLY on [8/3/2006] at [2:17:51 AM]

    Note: Some registry keys may have been removed.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." then do one of the following:

    1: Click on the l2mfix.bat again and choose option # 5 for Fix Autoexec.nt/cmd.exe error.
    2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there to fix it manually.
    Do not run the fix portion without fixing the error first.
    After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.
     
  5. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AVIFALE]
    "Asynchronous"=dword:00000000
    "Dllname"="AVIFALE.dll"
    "Impersonate"=dword:00000000
    "Startup"="OnStartup"
    "Shutdown"="OnShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\k4pmle711h.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons]
    "DllName"="C:\\WINDOWS\\System32\\redist.dll"
    "Logoff"="WinLogoff"
    "Logon"="WinLogon"
    "Shutdown"="WinShutdown"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\WKNSCARD.DLL"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{4BB597FB-6B0C-9106-2203-69AF7014DA1B}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Share-to-Web Upload Folder"
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
    "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Context Menu Shell Extension"
    "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 DragDrop Shell Extension"
    "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Context Menu Shell Extension"
    "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Property Sheet Shell Extension"
    "{23170F69-40C1-278A-1000-000100020000}"="7-Zip Shell Extension"
    "{94C41DB8-21D4-4A15-9125-21279C2544CC}"=""
    "{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}"=""
    "{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\WKNSCARD.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}\InprocServer32]
    @="C:\\WINDOWS\\system32\\CKDIAL32.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}\InprocServer32]
    @="C:\\WINDOWS\\system32\\qhvd.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Tue Aug 1 2006 7:07:34p A.... 687,592 671.48 K
    avifale.dll Fri May 26 2006 1:05:06a ..... 23,552 23.00 K
    ckdial32.dll Thu Aug 3 2006 2:19:34a ..S.R 235,829 230.30 K
    ddayv.dll Thu May 25 2006 7:04:32p A.SH. 13,325 13.01 K
    k4pmle~1.dll Thu Aug 3 2006 1:56:40a ..S.R 235,829 230.30 K
    lvj009~1.dll Thu Aug 3 2006 2:18:38a ..S.R 234,272 228.78 K
    n64s0g~1.dll Tue Aug 1 2006 9:06:04p ..S.R 235,018 229.51 K
    qhvd.dll Wed Aug 2 2006 8:55:40p ..S.R 235,829 230.30 K
    redist.dll Wed Aug 2 2006 7:13:42p A.... 159,744 156.00 K
    tze.dll Tue Jul 25 2006 1:25:30p A.... 139,264 136.00 K
    windmy.dll Tue Aug 1 2006 7:08:04p A.... 32,768 32.00 K
    winnb58.dll Tue Aug 1 2006 7:07:42p A.... 380,928 372.00 K
    xeymi.dll Tue Aug 1 2006 7:06:22p A.... 221,184 216.00 K

    13 items found: 13 files (6 H/S), 0 directories.
    Total of file sizes: 2,835,134 bytes 2.70 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is 5891-665A

    Directory of C:\WINDOWS\System32

    08/03/2006 02:19 AM 235,829 CKDIAL32.DLL
    08/03/2006 02:18 AM 234,272 lvj0091me.dll
    08/03/2006 01:56 AM 235,829 k4pmle711h.dll
    08/02/2006 08:55 PM 235,829 qhvd.dll
    08/01/2006 09:06 PM 235,018 n64s0gh7e64.dll
    05/25/2006 07:04 PM 13,325 ddayv.dll
    08/09/2005 01:54 PM <DIR> DLLCACHE
    04/13/2004 03:18 PM <DIR> Microsoft
    08/29/2002 06:00 AM 323,072 MSVCRT.DLL
    08/29/2002 06:00 AM 401,462 MSVCP60.DLL
    08/29/2002 06:00 AM 995,383 MFC42.DLL
    08/29/2002 06:00 AM 569,344 OLEAUT32.DLL
    08/29/2002 06:00 AM 106,496 OLEPRO32.DLL
    08/29/2002 06:00 AM 50,688 MSVCIRT.DLL
    08/29/2002 06:00 AM 9,728 REGSVR32.EXE
    13 File(s) 3,646,275 bytes
    2 Dir(s) 21,281,304,576 bytes free
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Close any programs you have open since this step requires a reboot.

    Open the l2mfix folder, double-click l2mfix.bat, and select option #2 for Run Fix by typing 2 and then pressing Enter.
    Your desktop and icons will disappear (this is normal).
    L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot.
    Press any key to reboot.
    After the reboot, Notepad will open with a log.
    Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.
    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
    If after the reboot the log does not open, double-click on it in the l2mfix folder.
     
  7. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    Joined:
    Aug 1, 2006
    Messages:
    8
    L2mfix 051206
    Creating Account.
    The command completed successfully.

    Adding Administrative privleges.
    The command completed successfully.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful

    Running From:
    C:\WINDOWS\system32

    Killing Processes!
    Killing 'smss.exe'
    \SystemRoot\System32\smss.exe (688)
    Killing 'winlogon.exe'
    winlogon.exe (784)
    Killing 'explorer.exe'
    "C:\WINDOWS\explorer.exe" (472)
    Killing 'rundll32.exe'
    rundll32.exe "C:\WINDOWS\system32\CKDIAL32.DLL",DllGetVersion (216)
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrators ... successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    1 file(s) copied.
    1 file(s) copied.
    1 file(s) copied.
    1 file(s) copied.
    Deleting: C:\WINDOWS\system32\CKDIAL32.DLL
    Successfully Deleted: C:\WINDOWS\system32\CKDIAL32.DLL
    Deleting: C:\WINDOWS\system32\n64s0gh7e64.dll
    Successfully Deleted: C:\WINDOWS\system32\n64s0gh7e64.dll
    Deleting: C:\WINDOWS\system32\qhvd.dll
    Successfully Deleted: C:\WINDOWS\system32\qhvd.dll
    Deleting: C:\WINDOWS\system32\redist.dll

    msg11?.dll
    0 file(s) copied.



    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AVIFALE]
    "Asynchronous"=dword:00000000
    "Dllname"="AVIFALE.dll"
    "Impersonate"=dword:00000000
    "Startup"="OnStartup"
    "Shutdown"="OnShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    @=""
    "DLLName"="igfxsrvc.dll"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001
    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\k4pmle711h.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons]
    "DllName"="C:\\WINDOWS\\System32\\redist.dll"
    "Logoff"="WinLogoff"
    "Logon"="WinLogon"
    "Shutdown"="WinShutdown"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\WKNSCARD.DLL"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\CKDIAL32.DLL
    C:\WINDOWS\system32\n64s0gh7e64.dll
    C:\WINDOWS\system32\qhvd.dll
    C:\WINDOWS\system32\redist.dll

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\WKNSCARD.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}\InprocServer32]
    @="C:\\WINDOWS\\system32\\CKDIAL32.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}\InprocServer32]
    @="C:\\WINDOWS\\system32\\qhvd.dll"
    "ThreadingModel"="Apartment"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{94C41DB8-21D4-4A15-9125-21279C2544CC}"=-
    "{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}"=-
    "{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{94C41DB8-21D4-4A15-9125-21279C2544CC}]
    [-HKEY_CLASSES_ROOT\CLSID\{9A4AEC2B-717B-4403-8045-F8E7F17F9B68}]
    [-HKEY_CLASSES_ROOT\CLSID\{F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************

    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    adding: dlls/CKDIAL32.DLL (188 bytes security) (deflated 5%)
    adding: dlls/n64s0gh7e64.dll (188 bytes security) (deflated 5%)
    adding: dlls/qhvd.dll (188 bytes security) (deflated 5%)
    adding: dlls/redist.dll (188 bytes security) (deflated 54%)
    adding: backregs/94C41DB8-21D4-4A15-9125-21279C2544CC.reg (212 bytes security) (deflated 69%)
    adding: backregs/9A4AEC2B-717B-4403-8045-F8E7F17F9B68.reg (212 bytes security) (deflated 70%)
    adding: backregs/F7C7D60B-E69B-4F53-AC2B-29DFE2E1E690.reg (212 bytes security) (deflated 70%)
    adding: backregs/notibac.reg (188 bytes security) (deflated 88%)
    adding: backregs/shell.reg (188 bytes security) (deflated 74%)
     
  8. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    Joined:
    Aug 1, 2006
    Messages:
    8
    Logfile of HijackThis v1.99.1
    Scan saved at 4:53:32 PM, on 8/4/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Y2FybWVsaXRhIHNtaXRo\command.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\Common Files\AOL\1132068026\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\{5891665A-0A62-1033-1202-030512200001}\Update.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\COMMON~1\oiof\oiofm.exe
    C:\PROGRA~1\COMMON~1\oiof\oiofa.exe
    C:\Program Files\Common Files\??crosoft\w?aclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\common files\aol\1132068026\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
    C:\PROGRA~1\COMMON~1\SSTEM~1\tracert.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    c:\program files\common files\aol\1132068026\ee\aolsoftware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {F5008D7C-1DB3-411E-E8AC-14848A971DBE} - C:\WINDOWS\System32\tchlx.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uromm.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,gnvqwtw.exe
    O2 - BHO: (no name) - {88fa2e40-bad0-4c2e-b8dc-2306abc487e4} - C:\WINDOWS\system32\AVIFALE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132068026\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [eacamm] C:\WINDOWS\System32\fiximo.exe reg_run
    O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\System32\redistributor.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [oiof] C:\PROGRA~1\COMMON~1\oiof\oiofm.exe
    O4 - HKCU\..\Run: [Sxyvdfo] C:\Program Files\Common Files\??crosoft\w?aclt.exe
    O4 - HKCU\..\Run: [bwjbn] C:\WINDOWS\System32\fiximo.exe reg_run
    O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\COMMON~1\SSTEM~1\tracert.exe" -vt yazr
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    O4 - Global Startup: Newsflash.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBFDBB58-ACC3-427B-86CB-C19C34FD6E19}: NameServer = 85.255.113.109,85.255.112.94
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: AVIFALE - C:\WINDOWS\SYSTEM32\AVIFALE.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\System32\redist.dll
    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\WKNSCARD.DLL (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\k4pmle711h.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2FybWVsaXRhIHNtaXRo\command.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  10. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    When I tried the Panda scan the start bar never came up =/ so the following are only from HJT and ewido.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:04:16 AM, on 8/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\AOL\1132068026\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    c:\program files\common files\aol\1132068026\ee\services\antiSpywareApp\ver2_0_27_1\AOLSP Scheduler.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Common Files\{5891665A-0A62-1033-1202-030512200001}\Update.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\AIM\aim.exe
    c:\program files\common files\aol\1132068026\ee\aolsoftware.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {F5008D7C-1DB3-411E-E8AC-14848A971DBE} - C:\WINDOWS\System32\tchlx.dll (file missing)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\uromm.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,gnvqwtw.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132068026\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [eacamm] C:\WINDOWS\System32\fiximo.exe reg_run
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [oiof] C:\PROGRA~1\COMMON~1\oiof\oiofm.exe
    O4 - HKCU\..\Run: [Sxyvdfo] C:\Program Files\Common Files\??crosoft\w?aclt.exe
    O4 - HKCU\..\Run: [bwjbn] C:\WINDOWS\System32\fiximo.exe reg_run
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
    O4 - Global Startup: Newsflash.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBFDBB58-ACC3-427B-86CB-C19C34FD6E19}: NameServer = 85.255.113.109,85.255.112.94
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: AVIFALE - AVIFALE.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\System32\redist.dll (file missing)
    O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\dn8201loe.dll (file missing)
    O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\gppol3731.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
     
  11. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:07:44 AM 8/6/2006

    + Scan result:



    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214286.dll -> Adware.CASClient : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214241.exe -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\WINDOWS\Y2FybWVsaXRhIHNtaXRo\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213744.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213783.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213784.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213789.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213848.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213854.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213933.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213941.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213996.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214061.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214071.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214114.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214119.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214185.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214186.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214187.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214242.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214311.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214362.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214417.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214418.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214423.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214485.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214496.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214549.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214593.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214603.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214638.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0215642.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0216674.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0216698.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0216766.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0216808.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0216826.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\AYLDial.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\BZOWSELC.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\IQSSUBA.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\MLDTCPRX.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\SOTUPAPI.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\h02olaf31d2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\lvj0091me.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\l2mfix\backup.zip/dlls/CKDIAL32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\l2mfix\backup.zip/dlls/n64s0gh7e64.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\l2mfix\backup.zip/dlls/qhvd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\l2mfix\dlls\CKDIAL32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\l2mfix\dlls\n64s0gh7e64.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\l2mfix\dlls\qhvd.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    [704] C:\WINDOWS\system32\KPDNEC.DLL -> Adware.Look2Me : Error during cleaning.
    [832] C:\WINDOWS\system32\KPDNEC.DLL -> Adware.Look2Me : Error during cleaning.
    C:\Documents and Settings\kelvin\Local Settings\Temp\ICD3.tmp\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\Program Files\Cowabanga\Cowabanga.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\mit272.tmp.cab/NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\mit272.tmp/NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214276.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214289.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\ShudderLTD -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\ShudderLTD\PSGuard -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard -> Adware.PSGuard : Error during cleaning.
    HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License -> Adware.PSGuard : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\&#1052;&#1110;crosoft\w&#965;aclt.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0214172.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0214173.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214636.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\A7F25E.tmp/cvn0.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\A8F27D.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214279.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\celebrity_news.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\celebrity_search.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\gossip.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\A7F25E.tmp/zqskw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\A8F27D.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\A8F27D.tmp/fhsxc.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213926.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\fhsxc.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\xeymi.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214635.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060802111234.zip/Program Files/webhancer/Programs/webhdll.to_be_deleted_x -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060802111234.zip/Program Files/webhancer/Programs/whSurvey.to_be_deleted -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060802111234.zip/Program Files/webhancer/programs/webhdll.to_be_deleted -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213835.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213927.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\3138302D2D2D.exe -> Downloader.Adload.bl : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213844.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213857.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213846.exe -> Downloader.Adload.dj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213845.exe -> Downloader.Adload.dl : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213862.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214290.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214113.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0216825.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP369\A0205471.exe -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temporary Internet Files\Content.IE5\KDQNKRS5\nem220[1].dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\cln2BF.tmp -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213977.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214410.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\s&#1091;stem\tracert.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213676.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213851.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\f11688296.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214107.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214108.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214109.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214110.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214111.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\WINDOWS\kiuj0v.exe -> Downloader.Small.afi : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213672.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213850.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213853.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\oiof\oiofp.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\oiof\oiofa.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214634.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213847.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\oiof\oiofl.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213858.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213859.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213860.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
    C:\WINDOWS\amm06.ocx -> Downloader.VB.bo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213861.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temporary Internet Files\Content.IE5\E3Y5UHW7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
    C:\Program Files\html1.htm -> Hijacker.Small.jf : Cleaned with backup (quarantined).
    C:\Program Files\html2.htm -> Hijacker.Small.jf : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\MegaInstaller.exe -> Hijacker.StartPage.rn : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\drsmartload180a.exe -> Hijacker.VB.fg : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\mmxpact.exe -> Hijacker.VB.fg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0213852.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temporary Internet Files\Content.IE5\4UHN4TIH\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temporary Internet Files\Content.IE5\GP230XQR\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temporary Internet Files\Content.IE5\GLU3K34V\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-72d76c7c.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-72d76c7c.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv467.jar-2028323a-66c01c92.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0214232.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
     
  12. Crossoutmyeyez

    Crossoutmyeyez Thread Starter

    Joined:
    Aug 1, 2006
    Messages:
    8
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temp\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\jack smith\Cookies\jack [email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temp\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\jack smith\Cookies\jack [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Cookies\carmelita [email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\kelvin\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0213932.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214056.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0214633.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\l2mfix\backup.zip/dlls/redist.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\l2mfix\dlls\redist.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
    C:\Documents and Settings\carmelita smith\Local Settings\Temp\pcxky6.sys -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
    C:\Documents and Settings\jack smith\Local Settings\Temp\pcxky6.sys -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0214112.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
    C:\I386\REG.EXE -> Worm.Randon : Cleaned with backup (quarantined).


    ::Report end
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet. We will use it later.

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
     
Short URL to this thread: https://techguy.org/488644
