Popups All The Time


Recommended Posts

Logfile of HijackThis v1.99.1

Scan saved at 1:31:20 PM, on 12/9/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\ESPNRunTime\DIGServices.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brandi\My Documents\VX2Finder.exe

C:\Documents and Settings\Brandi\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\fplm0331e.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Link to post
Share on other sites

You have the latest version of VX2. Download L2mfix from:

http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe,C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

Link to post
Share on other sites

L2MFIX find log 120305

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

@=""

"DLLName"="igfxsrvc.dll"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000001

"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\fplm0331e.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{A71BF27B-211A-A5BC-B891-75E38D1EE4DE}"=""

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

"{C4213067-97B3-4929-9B98-B5600FBBBA13}"="TouchED"

"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"

"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{CD882CA8-441B-40CC-BCD7-259682558DBB}"=""

"{77BC4A9A-46DF-4E18-A6D5-12209A07A610}"=""

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

"{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}"=""

********************************************************************************

**

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\InprocServer32]

@="C:\\WINDOWS\\system32\\ghiplus.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\InprocServer32]

@="C:\\WINDOWS\\system32\\jZvaee.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\InprocServer32]

@="C:\\WINDOWS\\system32\\_S02786_.tmp.dll"

"ThreadingModel"="Apartment"

********************************************************************************

**

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

0ce80unc.dll Thu Dec 8 2005 7:02:12a A.... 22,016 21.50 K

0ce89y3o.dll Thu Dec 8 2005 7:02:14a A.... 39,936 39.00 K

f22m0c~1.dll Fri Dec 9 2005 1:06:02p ..S.R 234,527 229.03 K

fplm03~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,405 228.91 K

jzvaee.dll Fri Dec 9 2005 1:06:02p ..... 234,405 228.91 K

px.dll Wed Sep 14 2005 2:17:44p ..... 462,848 452.00 K

pxdrv.dll Wed Sep 14 2005 2:17:44p ..... 319,488 312.00 K

pxmas.dll Wed Sep 14 2005 2:17:44p ..... 143,360 140.00 K

pxwave.dll Wed Sep 14 2005 2:17:44p ..... 286,720 280.00 K

vxblock.dll Wed Sep 14 2005 2:17:44p ..... 28,672 28.00 K

_s0278~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,272 228.78 K

11 items found: 11 files (3 H/S), 0 directories.

Total of file sizes: 2,240,649 bytes 2.14 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

__dele~1.tmp Fri Dec 9 2005 1:08:02p A.... 234,405 228.91 K

1 item found: 1 file, 0 directories.

Total of file sizes: 234,405 bytes 228.91 K

********************************************************************************

**

Directory Listing of system files:

Volume in drive C has no label.

Volume Serial Number is C0AC-79E0

Directory of C:\WINDOWS\System32

12/09/2005 01:06 PM 234,527 f22m0cf1ef2.dll

12/09/2005 05:19 AM 234,272 _S02786_.tmp.dll

12/09/2005 05:19 AM 234,405 fplm0331e.dll

10/27/2005 10:48 AM <DIR> dllcache

09/04/2004 01:36 AM 1,104 ChzlkXXS.9u1

07/20/2004 02:55 AM 1,104 Szep85lm.bua

06/24/2004 10:27 PM 1,104 JqvGne.017

06/24/2004 05:27 AM 1,104 AfxJiWVQ.9t0

06/24/2004 05:27 AM 1,104 Ejan.4zz

06/21/2004 06:01 AM <DIR> Microsoft

06/05/2004 01:56 AM 1,188 IpuFmd.016

9 File(s) 709,912 bytes

2 Dir(s) 17,769,000,960 bytes free

Link to post
Share on other sites

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder.

Link to post
Share on other sites

Ok here it is...

L2mfix Beta 120305

Creating Account.

The command completed successfully.

Adding Administrative privleges.

The command completed successfully.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

C:\WINDOWS\System32\77BC4A9A-46DF-4E18-A6D5-12209A07A610.reg

C:\WINDOWS\System32\C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF.reg

C:\WINDOWS\System32\CD882CA8-441B-40CC-BCD7-259682558DBB.reg

Checking for L2MFix account(0=no 1=yes):

0

**************************************************************************

Logfile of HijackThis v1.99.1

Scan saved at 1:55:35 PM, on 12/9/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\System32\00THotkey.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\ESPNRunTime\DIGServices.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRA~1\Webshots\webshots.scr

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Brandi\My Documents\HijackThis.exe

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\fplm0331e.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Link to post
Share on other sites

It fell in the txt file report instead of log...i think

L2MFIX find log 120305

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

@=""

"DLLName"="igfxsrvc.dll"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000001

"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\fplm0331e.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{A71BF27B-211A-A5BC-B891-75E38D1EE4DE}"=""

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"

"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

"{C4213067-97B3-4929-9B98-B5600FBBBA13}"="TouchED"

"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online"

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"

"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"

"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"

"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"

"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

"{CD882CA8-441B-40CC-BCD7-259682558DBB}"=""

"{77BC4A9A-46DF-4E18-A6D5-12209A07A610}"=""

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

"{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}"=""

********************************************************************************

**

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\InprocServer32]

@="C:\\WINDOWS\\system32\\ghiplus.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\InprocServer32]

@="C:\\WINDOWS\\system32\\jZvaee.dll"

"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories]

@=""

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\InprocServer32]

@="C:\\WINDOWS\\system32\\_S02786_.tmp.dll"

"ThreadingModel"="Apartment"

********************************************************************************

**

Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\

0ce80unc.dll Thu Dec 8 2005 7:02:12a A.... 22,016 21.50 K

0ce89y3o.dll Thu Dec 8 2005 7:02:14a A.... 39,936 39.00 K

f22m0c~1.dll Fri Dec 9 2005 1:06:02p ..S.R 234,527 229.03 K

fplm03~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,405 228.91 K

jzvaee.dll Fri Dec 9 2005 1:06:02p ..... 234,405 228.91 K

px.dll Wed Sep 14 2005 2:17:44p ..... 462,848 452.00 K

pxdrv.dll Wed Sep 14 2005 2:17:44p ..... 319,488 312.00 K

pxmas.dll Wed Sep 14 2005 2:17:44p ..... 143,360 140.00 K

pxwave.dll Wed Sep 14 2005 2:17:44p ..... 286,720 280.00 K

vxblock.dll Wed Sep 14 2005 2:17:44p ..... 28,672 28.00 K

_s0278~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,272 228.78 K

11 items found: 11 files (3 H/S), 0 directories.

Total of file sizes: 2,240,649 bytes 2.14 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\

__dele~1.tmp Fri Dec 9 2005 1:08:02p A.... 234,405 228.91 K

1 item found: 1 file, 0 directories.

Total of file sizes: 234,405 bytes 228.91 K

********************************************************************************

**

Directory Listing of system files:

Volume in drive C has no label.

Volume Serial Number is C0AC-79E0

Directory of C:\WINDOWS\System32

12/09/2005 01:06 PM 234,527 f22m0cf1ef2.dll

12/09/2005 05:19 AM 234,272 _S02786_.tmp.dll

12/09/2005 05:19 AM 234,405 fplm0331e.dll

10/27/2005 10:48 AM <DIR> dllcache

09/04/2004 01:36 AM 1,104 ChzlkXXS.9u1

07/20/2004 02:55 AM 1,104 Szep85lm.bua

06/24/2004 10:27 PM 1,104 JqvGne.017

06/24/2004 05:27 AM 1,104 AfxJiWVQ.9t0

06/24/2004 05:27 AM 1,104 Ejan.4zz

06/21/2004 06:01 AM <DIR> Microsoft

06/05/2004 01:56 AM 1,188 IpuFmd.016

9 File(s) 709,912 bytes

2 Dir(s) 17,769,000,960 bytes free

***********************************************************************

Logfile of HijackThis v1.99.1

Scan saved at 2:17:17 PM, on 12/9/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\ESPNRunTime\DIGServices.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brandi\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\fplm0331e.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Link to post
Share on other sites
  therock247uk said:
Hmm it looks like you ran ootion 1 not option 2.

I did option 2 gave me the same log as before...

L2mfix Beta 120305

Creating Account.

The command completed successfully.

Adding Administrative privleges.

The command completed successfully.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

C:\WINDOWS\System32\D0C2D0F9-13D3-4C9E-8DDC-B617D7B3632B.reg

Checking for L2MFix account(0=no 1=yes):

0

Link to post
Share on other sites

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:

    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.

    [*]Click Sweep Now on the left side.

    [*]Click the Start button.

    [*]When it's done scanning, click the Next button.

    [*]Make sure everything has a check next to it, then click the Next button.

    [*]It will remove all of the items found.

    [*]Click Session Log in the upper right corner, copy everything in that window.

    [*]Click the Summary tab and click Finish.

    [*]Paste the contents of the session log you copied into your next reply.

Link to post
Share on other sites

********

3:15 PM: | Start of Session, Friday, December 09, 2005 |

3:15 PM: Spy Sweeper started

3:15 PM: Sweep initiated using definitions version 582

3:15 PM: Starting Memory Sweep

3:16 PM: Found Adware: icannnews

3:16 PM: Detected running threat: C:\WINDOWS\system32\omesvr32.dll (ID = 83)

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: Detected running threat: C:\WINDOWS\system32\l2l60c3sef.dll (ID = 83)

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: Found Adware: wfgtech

3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce80unc.dll (ID = 203552)

3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce89y3o.dll (ID = 203553)

3:18 PM: Memory Sweep Complete, Elapsed Time: 00:02:38

3:18 PM: Starting Registry Sweep

3:18 PM: Found Adware: cws-aboutblank

3:18 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)

3:18 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)

3:18 PM: Found Adware: linkmaker

3:18 PM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743)

3:18 PM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750)

3:18 PM: Found Adware: minigolf

3:18 PM: HKLM\software\minigolf\ (1 subtraces) (ID = 135062)

3:18 PM: Found Adware: websearch toolbar

3:18 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)

3:18 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)

3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)

3:18 PM: Found Adware: wildmedia

3:18 PM: HKCR\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146688)

3:18 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146699)

3:18 PM: Found Adware: quicklink search toolbar

3:18 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437)

3:18 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440)

3:18 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)

3:18 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)

3:18 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)

3:18 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)

3:18 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)

3:18 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)

3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)

3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)

3:18 PM: HKLM\software\ql\ (3 subtraces) (ID = 359458)

3:18 PM: Found Adware: findthewebsiteyouneed hijacker

3:18 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)

3:18 PM: Found Adware: clientman

3:18 PM: HKCR\appid\urlcli.dll\ (1 subtraces) (ID = 701476)

3:18 PM: HKLM\software\classes\appid\urlcli.dll\ (1 subtraces) (ID = 701492)

3:18 PM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328)

3:18 PM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357)

3:18 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)

3:18 PM: Found Adware: dollarrevenue

3:18 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)

3:18 PM: Found Adware: command

3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)

3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)

3:18 PM: Found Adware: bho_sep

3:18 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)

3:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)

3:18 PM: Registry Sweep Complete, Elapsed Time:00:00:21

3:18 PM: Starting Cookie Sweep

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: Found Spy Cookie: abcsearch cookie

3:18 PM: brandi@abcsearch[2].txt (ID = 2033)

3:18 PM: Found Spy Cookie: adknowledge cookie

3:18 PM: brandi@adknowledge[1].txt (ID = 2072)

3:18 PM: Found Spy Cookie: hbmediapro cookie

3:18 PM: brandi@adopt.hbmediapro[2].txt (ID = 2768)

3:18 PM: Found Spy Cookie: adrevolver cookie

3:18 PM: brandi@adrevolver[2].txt (ID = 2088)

3:18 PM: brandi@adrevolver[3].txt (ID = 2088)

3:18 PM: Found Spy Cookie: apmebf cookie

3:18 PM: brandi@apmebf[2].txt (ID = 2229)

3:18 PM: Found Spy Cookie: ask cookie

3:18 PM: brandi@ask[1].txt (ID = 2245)

3:18 PM: Found Spy Cookie: atlas dmt cookie

3:18 PM: brandi@atdmt[1].txt (ID = 2253)

3:18 PM: Found Spy Cookie: belnk cookie

3:18 PM: brandi@ath.belnk[2].txt (ID = 2293)

3:18 PM: Found Spy Cookie: atwola cookie

3:18 PM: brandi@atwola[1].txt (ID = 2255)

3:18 PM: Found Spy Cookie: azjmp cookie

3:18 PM: brandi@azjmp[2].txt (ID = 2270)

3:18 PM: Found Spy Cookie: banner cookie

3:18 PM: brandi@banner[1].txt (ID = 2276)

3:18 PM: brandi@belnk[2].txt (ID = 2292)

3:18 PM: Found Spy Cookie: casalemedia cookie

3:18 PM: brandi@casalemedia[1].txt (ID = 2354)

3:18 PM: brandi@dist.belnk[1].txt (ID = 2293)

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: Found Spy Cookie: exitexchange cookie

3:18 PM: brandi@exitexchange[1].txt (ID = 2633)

3:18 PM: Found Spy Cookie: findwhat cookie

3:18 PM: brandi@findwhat[1].txt (ID = 2674)

3:18 PM: Found Spy Cookie: go.com cookie

3:18 PM: brandi@go[1].txt (ID = 2728)

3:18 PM: brandi@go[2].txt (ID = 2728)

3:18 PM: brandi@go[3].txt (ID = 2728)

3:18 PM: Found Spy Cookie: clickandtrack cookie

3:18 PM: brandi@hits.clickandtrack[2].txt (ID = 2397)

3:18 PM: Found Spy Cookie: epilot cookie

3:18 PM: brandi@ilclick.epilot[2].txt (ID = 2622)

3:18 PM: Found Spy Cookie: maxserving cookie

3:18 PM: brandi@maxserving[1].txt (ID = 2966)

3:18 PM: Found Spy Cookie: nextag cookie

3:18 PM: brandi@nextag[2].txt (ID = 5014)

3:18 PM: Found Spy Cookie: paypopup cookie

3:18 PM: brandi@paypopup[2].txt (ID = 3119)

3:18 PM: Found Spy Cookie: overture cookie

3:18 PM: brandi@perf.overture[1].txt (ID = 3106)

3:18 PM: Found Spy Cookie: realmedia cookie

3:18 PM: brandi@realmedia[1].txt (ID = 3235)

3:18 PM: Found Spy Cookie: reliablestats cookie

3:18 PM: brandi@stats1.reliablestats[1].txt (ID = 3254)

3:18 PM: Found Spy Cookie: tradedoubler cookie

3:18 PM: brandi@tradedoubler[2].txt (ID = 3575)

3:18 PM: Found Spy Cookie: videodome cookie

3:18 PM: brandi@videodome[1].txt (ID = 3638)

3:18 PM: Found Spy Cookie: upspiral cookie

3:18 PM: brandi@www.upspiral[2].txt (ID = 3615)

3:18 PM: Found Spy Cookie: winantiviruspro cookie

3:18 PM: brandi@www.winantiviruspro[2].txt (ID = 3690)

3:18 PM: Found Spy Cookie: xiti cookie

3:18 PM: brandi@xiti[1].txt (ID = 3717)

3:18 PM: Found Spy Cookie: zedo cookie

3:18 PM: brandi@zedo[2].txt (ID = 3762)

3:18 PM: system@go[1].txt (ID = 2728)

3:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03

3:18 PM: Starting File Sweep

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:19 PM: Found Adware: 180search assistant/zango

3:19 PM: c:\windows\system32\fleok (ID = -2147480556)

3:19 PM: inst_0004[1].exe (ID = 203674)

3:19 PM: Found Adware: look2me

3:19 PM: appwrap[1].exe (ID = 65721)

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: bw2.com (ID = 65721)

3:20 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124490.exe". Access is denied

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: Found Adware: delfin

3:21 PM: 4df33016-45ef-4fe2-b7de-af8a87 (ID = 57725)

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: 52d86398-96cb-4ce7-b76e-a73936 (ID = 57716)

3:23 PM: inst_0004.exe (ID = 203674)

3:23 PM: ltndload[1].dll (ID = 203552)

3:23 PM: 0ce80unc.dll (ID = 203552)

3:23 PM: Found Adware: targetsaver

3:23 PM: tsinstall_4_0_4_0_b4.exe (ID = 193496)

3:23 PM: ltndmain[1].dll (ID = 203553)

3:23 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124518.exe". Access is denied

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:24 PM: 3d28b6d3-34d7-4ad1-b81f-919a27 (ID = 57781)

3:24 PM: mfex-16.dat (ID = 144945)

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: e4962307-cf35-4a28-99dc-361c44 (ID = 57718)

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: Found Adware: dialerplatform

3:25 PM: sportsinteraction.ico (ID = 58328)

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: Found Adware: purityscan

3:25 PM: a0124578.exe (ID = 73267)

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: a7ab5c0d-dad3-44a0-a165-6b36fe (ID = 57692)

3:26 PM: 42860d3a-a13a-42f4-b2c9-dce72f (ID = 57693)

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: Found Adware: ezula ilookup

3:26 PM: a0124580.exe (ID = 60560)

3:26 PM: 11c54bd5-143e-4c32-b0e2-728fa3 (ID = 87579)

3:27 PM: a0124565.exe (ID = 195128)

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: a0124567.exe (ID = 195131)

3:28 PM: a0124568.exe (ID = 195132)

3:28 PM: iconu.exe (ID = 65721)

3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:28 PM: a0124521.exe (ID = 200314)

3:28 PM: icont.exe (ID = 65722)

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: a0124563.exe (ID = 185985)

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: a0124573.exe (ID = 203611)

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:33 PM: a0124564.exe (ID = 193995)

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: a0124566.exe (ID = 195130)

3:36 PM: Found Adware: addestroyer

3:36 PM: inneradinstall.log (ID = 49035)

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:38 PM: 0ce89y3o.dll (ID = 203553)

3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:38 PM: appwrap[1].exe (ID = 65739)

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: a0124549.dll (ID = 159)

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: a0124533.dll (ID = 163672)

3:40 PM: a0124644.dll (ID = 159)

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: a0124552.dll (ID = 163672)

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: 5be6719c-fb86-4119-893e-60fefd (ID = 87579)

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: mfex-23.dat (ID = 144945)

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: Found Adware: keenvalue/perfectnav

3:43 PM: a0124512.exe (ID = 64892)

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:44 PM: Found Adware: whenu searchbar/pricebandit

3:44 PM: d2bd9f9d-a9f6-4552-868c-5577cf (ID = 129801)

3:44 PM: mfex-17.dat (ID = 144945)

3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: a0124587.dll (ID = 200308)

3:46 PM: c10699a5-b9b0-42a5-9cc8-d28d96 (ID = 129770)

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: appwrap[1].exe (ID = 65722)

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: a0124527.dll (ID = 163672)

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: mfex-24.dat (ID = 144945)

3:53 PM: a0124583.dll (ID = 163672)

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: mfex-37.dat (ID = 144945)

3:54 PM: a0124586.dll (ID = 159)

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: mfex-2.dat (ID = 144945)

3:54 PM: Found Adware: adtech

3:54 PM: a0124517.exe (ID = 203582)

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: mfex-18.dat (ID = 144945)

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: mfex-3.dat (ID = 144945)

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: a0124604.dll (ID = 159)

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: m4nqle551h.dll (ID = 159)

3:59 PM: a0124588.dll (ID = 159)

3:59 PM: a0124589.dll (ID = 163672)

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: a0124520.exe (ID = 200311)

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: omesvr32.dll (ID = 159)

4:00 PM: a0124645.dll (ID = 159)

4:01 PM: mfex-4.dat (ID = 144945)

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp402\a0118452.exe". Access is denied

4:01 PM: tsuninst.exe (ID = 193501)

4:01 PM: class-barrel (ID = 78229)

4:01 PM: a0124576.dll (ID = 195129)

4:01 PM: vocabulary (ID = 78283)

4:01 PM: a0124574.exe (ID = 200300)

4:01 PM: Found Adware: apropos

4:01 PM: a0124572.exe (ID = 203610)

4:01 PM: a0124577.exe (ID = 200309)

4:01 PM: a0124575.exe (ID = 168558)

4:01 PM: mfex-5.dat (ID = 144945)

4:01 PM: mfex-1.dat (ID = 144946)

4:01 PM: f22m0cf1ef2.dll (ID = 159)

4:01 PM: mfex-6.dat (ID = 144945)

4:01 PM: mfex-7.dat (ID = 144945)

4:01 PM: mfex-19.dat (ID = 144945)

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: mv06l9ds1.dll (ID = 159)

4:02 PM: _s02786_.tmp.dll (ID = 163672)

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: eanclass.dll (ID = 159)

4:02 PM: a0124526.dll (ID = 144945)

4:02 PM: mfex-20.dat (ID = 144945)

4:03 PM: mfex-21.dat (ID = 144945)

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: g422lefo1h2c.dll (ID = 159)

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: f83213e9-cce7-4bed-be48-d8c0f4 (ID = 161460)

4:03 PM: 8e63125c-4582-40e2-aed2-c80f54 (ID = 129805)

4:03 PM: ccusapi.dll (ID = 159)

4:03 PM: mfex-38.dat (ID = 144946)

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: mfex-8.dat (ID = 144945)

4:04 PM: a0124525.exe (ID = 144946)

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: mfex-9.dat (ID = 144945)

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: mfex-10.dat (ID = 144945)

4:07 PM: mfex-11.dat (ID = 144945)

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: mfex-22.dat (ID = 144945)

4:07 PM: mfex-12.dat (ID = 144945)

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: mfex-13.dat (ID = 144945)

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: 9400[1].cab (ID = 200301)

4:10 PM: mfex-14.dat (ID = 144945)

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: 782e8e34-2fa5-4547-9f93-93352b (ID = 129799)

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: b5d24e.tmp (ID = 200301)

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:13 PM: a0124513.dll (ID = 166754)

4:13 PM: tsupdate2[1].ini (ID = 193498)

4:14 PM: mfex-15.dat (ID = 144945)

4:14 PM: l2l60c3sef.dll (ID = 159)

4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:14 PM: The Spy Commu

Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 5:09:25 PM, on 12/9/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\ESPNRunTime\DIGServices.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brandi\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Link to post
Share on other sites

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:

http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Link to post
Share on other sites

Log of AproposFix v1

************

Running from directory:

C:\Documents and Settings\Brandi\Desktop\aproposfix

************

Registry entries found:

************

No service found!

Removing hidden folder:

No folder found!

Deleting files:

Backing up files:

Done!

Removing registry entries:

REGEDIT4

Done!

Finished!

***************************************************************************

Logfile of HijackThis v1.99.1

Scan saved at 5:30:04 PM, on 12/9/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\ESPNRunTime\DIGServices.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brandi\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Link to post
Share on other sites

1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376

2. Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 5:37:05 PM, on 12/9/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\DIGStream\digstream.exe

C:\Program Files\ESPNRunTime\DIGServices.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Brandi\My Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Link to post
Share on other sites

Your log is clean :)

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.