Shaun Posted December 9, 2005 Report Share Posted December 9, 2005 Logfile of HijackThis v1.99.1Scan saved at 1:31:20 PM, on 12/9/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\System32\DRIVERS\dcfssvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\PmProxy.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\System32\RUNDLL32.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\AIM\aim.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\System32\wuauclt.exeC:\toshiba\ivp\ism\ivpsvmgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Brandi\My Documents\VX2Finder.exeC:\Documents and Settings\Brandi\My Documents\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exeO4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exeO4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missingO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cabO18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: Nls - C:\WINDOWS\system32\fplm0331e.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 You have the latest version of VX2. Download L2mfix from:http://www.atribune.org/downloads/l2mfix.exeSave the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe,C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first. Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 L2MFIX find log 120305These are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]@="""DLLName"="igfxsrvc.dll""Asynchronous"=dword:00000001"Impersonate"=dword:00000001"Unlock"="WinlogonUnlockEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]"Asynchronous"=dword:00000000"DllName"="C:\\WINDOWS\\system32\\fplm0331e.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{A71BF27B-211A-A5BC-B891-75E38D1EE4DE}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet""{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page""{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler""{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression""{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase""{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras""{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address""{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List""{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="History""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager""{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator""{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard""{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache""{C4213067-97B3-4929-9B98-B5600FBBBA13}"="TouchED""{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online""{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders""{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler""{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension""{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player""{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{CD882CA8-441B-40CC-BCD7-259682558DBB}"="""{77BC4A9A-46DF-4E18-A6D5-12209A07A610}"="""{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension""{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension""{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}]@=""[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\InprocServer32]@="C:\\WINDOWS\\system32\\ghiplus.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}]@=""[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\InprocServer32]@="C:\\WINDOWS\\system32\\jZvaee.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}]@=""[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\InprocServer32]@="C:\\WINDOWS\\system32\\_S02786_.tmp.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\ 0ce80unc.dll Thu Dec 8 2005 7:02:12a A.... 22,016 21.50 K 0ce89y3o.dll Thu Dec 8 2005 7:02:14a A.... 39,936 39.00 K f22m0c~1.dll Fri Dec 9 2005 1:06:02p ..S.R 234,527 229.03 K fplm03~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,405 228.91 K jzvaee.dll Fri Dec 9 2005 1:06:02p ..... 234,405 228.91 K px.dll Wed Sep 14 2005 2:17:44p ..... 462,848 452.00 K pxdrv.dll Wed Sep 14 2005 2:17:44p ..... 319,488 312.00 K pxmas.dll Wed Sep 14 2005 2:17:44p ..... 143,360 140.00 K pxwave.dll Wed Sep 14 2005 2:17:44p ..... 286,720 280.00 K vxblock.dll Wed Sep 14 2005 2:17:44p ..... 28,672 28.00 K _s0278~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,272 228.78 K11 items found: 11 files (3 H/S), 0 directories. Total of file sizes: 2,240,649 bytes 2.14 MLocate .tmp files:C:\WINDOWS\SYSTEM32\ __dele~1.tmp Fri Dec 9 2005 1:08:02p A.... 234,405 228.91 K1 item found: 1 file, 0 directories. Total of file sizes: 234,405 bytes 228.91 K**********************************************************************************Directory Listing of system files: Volume in drive C has no label. Volume Serial Number is C0AC-79E0 Directory of C:\WINDOWS\System3212/09/2005 01:06 PM 234,527 f22m0cf1ef2.dll12/09/2005 05:19 AM 234,272 _S02786_.tmp.dll12/09/2005 05:19 AM 234,405 fplm0331e.dll10/27/2005 10:48 AM <DIR> dllcache09/04/2004 01:36 AM 1,104 ChzlkXXS.9u107/20/2004 02:55 AM 1,104 Szep85lm.bua06/24/2004 10:27 PM 1,104 JqvGne.01706/24/2004 05:27 AM 1,104 AfxJiWVQ.9t006/24/2004 05:27 AM 1,104 Ejan.4zz06/21/2004 06:01 AM <DIR> Microsoft06/05/2004 01:56 AM 1,188 IpuFmd.016 9 File(s) 709,912 bytes 2 Dir(s) 17,769,000,960 bytes free Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 Close any programs you have open since this step requires a reboot.From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!If after the reboot the log does not open double click on it in the l2mfix folder. Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 Ok here it is...L2mfix Beta 120305Creating Account.The command completed successfully.Adding Administrative privleges. The command completed successfully.Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successfulC:\WINDOWS\System32\77BC4A9A-46DF-4E18-A6D5-12209A07A610.regC:\WINDOWS\System32\C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF.regC:\WINDOWS\System32\CD882CA8-441B-40CC-BCD7-259682558DBB.regChecking for L2MFix account(0=no 1=yes): 0**************************************************************************Logfile of HijackThis v1.99.1Scan saved at 1:55:35 PM, on 12/9/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\System32\DRIVERS\dcfssvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\System32\00THotkey.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\igfxtray.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\PmProxy.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\toshiba\ivp\ism\pinger.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\System32\RUNDLL32.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\AIM\aim.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\PROGRA~1\Webshots\webshots.scrC:\WINDOWS\System32\wuauclt.exeC:\Documents and Settings\Brandi\My Documents\HijackThis.exeC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXER1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exeO4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exeO4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missingO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cabO18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\fplm0331e.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 Can you try option 2 again it should make a log bigger than then one you posted... Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 It fell in the txt file report instead of log...i thinkL2MFIX find log 120305These are the registry keys present**********************************************************************************Winlogon/notify:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]@="""DLLName"="igfxsrvc.dll""Asynchronous"=dword:00000001"Impersonate"=dword:00000001"Unlock"="WinlogonUnlockEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]"Asynchronous"=dword:00000000"DllName"="C:\\WINDOWS\\system32\\fplm0331e.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001**********************************************************************************useragent:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{A71BF27B-211A-A5BC-B891-75E38D1EE4DE}"=""**********************************************************************************Shell Extension key:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet""{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management""{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page""{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page""{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing""{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension""{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension""{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension""{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension""{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page""{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page""{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler""{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension""{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects""{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management""{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management""{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression""{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension""{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI""{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu""{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase""{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext""{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts""{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile""{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page""{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing""{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension""{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections""{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections""{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras""{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras""{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras""{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras""{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras""{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension""{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host""{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link""{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler""{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension""{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks""{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu""{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search""{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support""{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support""{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run...""{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet""{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail""{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts""{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools""{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler""{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler""{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler""{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler""{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler""{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor""{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar""{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status""{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder""{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2""{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy""{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand""{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band""{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band""{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search""{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search""{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility""{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address""{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox""{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete""{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor""{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List""{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List""{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible""{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar""{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser""{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List""{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List""{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container""{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu""{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp""{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar""{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite""{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist""{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings""{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band""{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service""{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer""{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture""{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut""{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service""{FF393560-C2A7-11CF-BFF4-444553540000}"="History""{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files""{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook""{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen""{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook""{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC""{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC""{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet""{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space""{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band""{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service""{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder""{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck""{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr""{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder""{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler""{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent""{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent""{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent""{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent""{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent""{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler""{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager""{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator""{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher""{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs""{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory""{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor""{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)""{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor""{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler""{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard""{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web""{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object""{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard""{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts""{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler""{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target""{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File""{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut""{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object""{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu""{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties""{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview""{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext""{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control""{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control""{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control""{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control""{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control""{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI""{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object""{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find""{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find""{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI""{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs""{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook""{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target""{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties""{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu""{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options""{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder""{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler""{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell""{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%""{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler""{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer""{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People...""{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler""{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler""{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler""{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache""{C4213067-97B3-4929-9B98-B5600FBBBA13}"="TouchED""{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="America Online""{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders""{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions""{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults""{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension""{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler""{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler""{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler""{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension""{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension""{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player""{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes""{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page""{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions""{CD882CA8-441B-40CC-BCD7-259682558DBB}"="""{77BC4A9A-46DF-4E18-A6D5-12209A07A610}"="""{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension""{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension""{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}"=""**********************************************************************************HKEY ROOT CLASSIDS:Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}]@=""[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{CD882CA8-441B-40CC-BCD7-259682558DBB}\InprocServer32]@="C:\\WINDOWS\\system32\\ghiplus.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}]@=""[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{77BC4A9A-46DF-4E18-A6D5-12209A07A610}\InprocServer32]@="C:\\WINDOWS\\system32\\jZvaee.dll""ThreadingModel"="Apartment"Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}]@=""[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories]@=""[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]@=""[HKEY_CLASSES_ROOT\CLSID\{C7741FA0-BD2B-4710-BF02-45A4DE1FCBFF}\InprocServer32]@="C:\\WINDOWS\\system32\\_S02786_.tmp.dll""ThreadingModel"="Apartment"**********************************************************************************Files Found are not all bad files:C:\WINDOWS\SYSTEM32\ 0ce80unc.dll Thu Dec 8 2005 7:02:12a A.... 22,016 21.50 K 0ce89y3o.dll Thu Dec 8 2005 7:02:14a A.... 39,936 39.00 K f22m0c~1.dll Fri Dec 9 2005 1:06:02p ..S.R 234,527 229.03 K fplm03~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,405 228.91 K jzvaee.dll Fri Dec 9 2005 1:06:02p ..... 234,405 228.91 K px.dll Wed Sep 14 2005 2:17:44p ..... 462,848 452.00 K pxdrv.dll Wed Sep 14 2005 2:17:44p ..... 319,488 312.00 K pxmas.dll Wed Sep 14 2005 2:17:44p ..... 143,360 140.00 K pxwave.dll Wed Sep 14 2005 2:17:44p ..... 286,720 280.00 K vxblock.dll Wed Sep 14 2005 2:17:44p ..... 28,672 28.00 K _s0278~1.dll Fri Dec 9 2005 5:19:28a ..S.R 234,272 228.78 K11 items found: 11 files (3 H/S), 0 directories. Total of file sizes: 2,240,649 bytes 2.14 MLocate .tmp files:C:\WINDOWS\SYSTEM32\ __dele~1.tmp Fri Dec 9 2005 1:08:02p A.... 234,405 228.91 K1 item found: 1 file, 0 directories. Total of file sizes: 234,405 bytes 228.91 K**********************************************************************************Directory Listing of system files: Volume in drive C has no label. Volume Serial Number is C0AC-79E0 Directory of C:\WINDOWS\System3212/09/2005 01:06 PM 234,527 f22m0cf1ef2.dll12/09/2005 05:19 AM 234,272 _S02786_.tmp.dll12/09/2005 05:19 AM 234,405 fplm0331e.dll10/27/2005 10:48 AM <DIR> dllcache09/04/2004 01:36 AM 1,104 ChzlkXXS.9u107/20/2004 02:55 AM 1,104 Szep85lm.bua06/24/2004 10:27 PM 1,104 JqvGne.01706/24/2004 05:27 AM 1,104 AfxJiWVQ.9t006/24/2004 05:27 AM 1,104 Ejan.4zz06/21/2004 06:01 AM <DIR> Microsoft06/05/2004 01:56 AM 1,188 IpuFmd.016 9 File(s) 709,912 bytes 2 Dir(s) 17,769,000,960 bytes free***********************************************************************Logfile of HijackThis v1.99.1Scan saved at 2:17:17 PM, on 12/9/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\System32\DRIVERS\dcfssvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\PmProxy.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\toshiba\ivp\ism\pinger.exeC:\WINDOWS\System32\ezSP_Px.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\System32\RUNDLL32.EXEC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Brandi\My Documents\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exeO4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exeO4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missingO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cabO18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\fplm0331e.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 Hmm it looks like you ran ootion 1 not option 2. Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 therock247uk said: Hmm it looks like you ran ootion 1 not option 2.I did option 2 gave me the same log as before...L2mfix Beta 120305Creating Account.The command completed successfully.Adding Administrative privleges. The command completed successfully.Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successfulC:\WINDOWS\System32\D0C2D0F9-13D3-4C9E-8DDC-B617D7B3632B.regChecking for L2MFix account(0=no 1=yes): 0 Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 Please download WebRoot SpySweeper from HERE (It's a 2 week trial):Click the Free Trial link under to "SpySweeper" to download the program.Install it. Once the program is installed, it will open.It will prompt you to update to the latest definitions, click Yes.Once the definitions are installed, click Options on the left side.Click the Sweep Options tab.Under What to Sweep please put a check next to the following:Sweep MemorySweep RegistrySweep CookiesSweep All User AccountsEnable Direct Disk SweepingSweep Contents of Compressed FilesSweep for RootkitsPlease UNCHECK Do not Sweep System Restore Folder.[*]Click Sweep Now on the left side.[*]Click the Start button.[*]When it's done scanning, click the Next button.[*]Make sure everything has a check next to it, then click the Next button.[*]It will remove all of the items found.[*]Click Session Log in the upper right corner, copy everything in that window.[*]Click the Summary tab and click Finish.[*]Paste the contents of the session log you copied into your next reply. Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 ********3:15 PM: | Start of Session, Friday, December 09, 2005 |3:15 PM: Spy Sweeper started3:15 PM: Sweep initiated using definitions version 5823:15 PM: Starting Memory Sweep3:16 PM: Found Adware: icannnews3:16 PM: Detected running threat: C:\WINDOWS\system32\omesvr32.dll (ID = 83)3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:16 PM: Detected running threat: C:\WINDOWS\system32\l2l60c3sef.dll (ID = 83)3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:18 PM: Found Adware: wfgtech3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce80unc.dll (ID = 203552)3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce89y3o.dll (ID = 203553)3:18 PM: Memory Sweep Complete, Elapsed Time: 00:02:383:18 PM: Starting Registry Sweep3:18 PM: Found Adware: cws-aboutblank3:18 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)3:18 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)3:18 PM: Found Adware: linkmaker3:18 PM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743)3:18 PM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750)3:18 PM: Found Adware: minigolf3:18 PM: HKLM\software\minigolf\ (1 subtraces) (ID = 135062)3:18 PM: Found Adware: websearch toolbar3:18 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)3:18 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)3:18 PM: Found Adware: wildmedia3:18 PM: HKCR\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146688)3:18 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146699)3:18 PM: Found Adware: quicklink search toolbar3:18 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437)3:18 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440)3:18 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)3:18 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)3:18 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)3:18 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)3:18 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)3:18 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)3:18 PM: HKLM\software\ql\ (3 subtraces) (ID = 359458)3:18 PM: Found Adware: findthewebsiteyouneed hijacker3:18 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)3:18 PM: Found Adware: clientman3:18 PM: HKCR\appid\urlcli.dll\ (1 subtraces) (ID = 701476)3:18 PM: HKLM\software\classes\appid\urlcli.dll\ (1 subtraces) (ID = 701492)3:18 PM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328)3:18 PM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357)3:18 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)3:18 PM: Found Adware: dollarrevenue3:18 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)3:18 PM: Found Adware: command3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)3:18 PM: Found Adware: bho_sep3:18 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)3:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)3:18 PM: Registry Sweep Complete, Elapsed Time:00:00:213:18 PM: Starting Cookie Sweep3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:18 PM: Found Spy Cookie: abcsearch cookie3:18 PM: brandi@abcsearch[2].txt (ID = 2033)3:18 PM: Found Spy Cookie: adknowledge cookie3:18 PM: brandi@adknowledge[1].txt (ID = 2072)3:18 PM: Found Spy Cookie: hbmediapro cookie3:18 PM: brandi@adopt.hbmediapro[2].txt (ID = 2768)3:18 PM: Found Spy Cookie: adrevolver cookie3:18 PM: brandi@adrevolver[2].txt (ID = 2088)3:18 PM: brandi@adrevolver[3].txt (ID = 2088)3:18 PM: Found Spy Cookie: apmebf cookie3:18 PM: brandi@apmebf[2].txt (ID = 2229)3:18 PM: Found Spy Cookie: ask cookie3:18 PM: brandi@ask[1].txt (ID = 2245)3:18 PM: Found Spy Cookie: atlas dmt cookie3:18 PM: brandi@atdmt[1].txt (ID = 2253)3:18 PM: Found Spy Cookie: belnk cookie3:18 PM: brandi@ath.belnk[2].txt (ID = 2293)3:18 PM: Found Spy Cookie: atwola cookie3:18 PM: brandi@atwola[1].txt (ID = 2255)3:18 PM: Found Spy Cookie: azjmp cookie3:18 PM: brandi@azjmp[2].txt (ID = 2270)3:18 PM: Found Spy Cookie: banner cookie3:18 PM: brandi@banner[1].txt (ID = 2276)3:18 PM: brandi@belnk[2].txt (ID = 2292)3:18 PM: Found Spy Cookie: casalemedia cookie3:18 PM: brandi@casalemedia[1].txt (ID = 2354)3:18 PM: brandi@dist.belnk[1].txt (ID = 2293)3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:18 PM: Found Spy Cookie: exitexchange cookie3:18 PM: brandi@exitexchange[1].txt (ID = 2633)3:18 PM: Found Spy Cookie: findwhat cookie3:18 PM: brandi@findwhat[1].txt (ID = 2674)3:18 PM: Found Spy Cookie: go.com cookie3:18 PM: brandi@go[1].txt (ID = 2728)3:18 PM: brandi@go[2].txt (ID = 2728)3:18 PM: brandi@go[3].txt (ID = 2728)3:18 PM: Found Spy Cookie: clickandtrack cookie3:18 PM: brandi@hits.clickandtrack[2].txt (ID = 2397)3:18 PM: Found Spy Cookie: epilot cookie3:18 PM: brandi@ilclick.epilot[2].txt (ID = 2622)3:18 PM: Found Spy Cookie: maxserving cookie3:18 PM: brandi@maxserving[1].txt (ID = 2966)3:18 PM: Found Spy Cookie: nextag cookie3:18 PM: brandi@nextag[2].txt (ID = 5014)3:18 PM: Found Spy Cookie: paypopup cookie3:18 PM: brandi@paypopup[2].txt (ID = 3119)3:18 PM: Found Spy Cookie: overture cookie3:18 PM: brandi@perf.overture[1].txt (ID = 3106)3:18 PM: Found Spy Cookie: realmedia cookie3:18 PM: brandi@realmedia[1].txt (ID = 3235)3:18 PM: Found Spy Cookie: reliablestats cookie3:18 PM: brandi@stats1.reliablestats[1].txt (ID = 3254)3:18 PM: Found Spy Cookie: tradedoubler cookie3:18 PM: brandi@tradedoubler[2].txt (ID = 3575)3:18 PM: Found Spy Cookie: videodome cookie3:18 PM: brandi@videodome[1].txt (ID = 3638)3:18 PM: Found Spy Cookie: upspiral cookie3:18 PM: brandi@www.upspiral[2].txt (ID = 3615)3:18 PM: Found Spy Cookie: winantiviruspro cookie3:18 PM: brandi@www.winantiviruspro[2].txt (ID = 3690)3:18 PM: Found Spy Cookie: xiti cookie3:18 PM: brandi@xiti[1].txt (ID = 3717)3:18 PM: Found Spy Cookie: zedo cookie3:18 PM: brandi@zedo[2].txt (ID = 3762)3:18 PM: system@go[1].txt (ID = 2728)3:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:033:18 PM: Starting File Sweep3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:19 PM: Found Adware: 180search assistant/zango3:19 PM: c:\windows\system32\fleok (ID = -2147480556)3:19 PM: inst_0004[1].exe (ID = 203674)3:19 PM: Found Adware: look2me3:19 PM: appwrap[1].exe (ID = 65721)3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:20 PM: bw2.com (ID = 65721)3:20 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124490.exe". Access is denied3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:21 PM: Found Adware: delfin3:21 PM: 4df33016-45ef-4fe2-b7de-af8a87 (ID = 57725)3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:22 PM: 52d86398-96cb-4ce7-b76e-a73936 (ID = 57716)3:23 PM: inst_0004.exe (ID = 203674)3:23 PM: ltndload[1].dll (ID = 203552)3:23 PM: 0ce80unc.dll (ID = 203552)3:23 PM: Found Adware: targetsaver3:23 PM: tsinstall_4_0_4_0_b4.exe (ID = 193496)3:23 PM: ltndmain[1].dll (ID = 203553)3:23 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124518.exe". Access is denied3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:24 PM: 3d28b6d3-34d7-4ad1-b81f-919a27 (ID = 57781)3:24 PM: mfex-16.dat (ID = 144945)3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:25 PM: e4962307-cf35-4a28-99dc-361c44 (ID = 57718)3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:25 PM: Found Adware: dialerplatform3:25 PM: sportsinteraction.ico (ID = 58328)3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:25 PM: Found Adware: purityscan3:25 PM: a0124578.exe (ID = 73267)3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:26 PM: a7ab5c0d-dad3-44a0-a165-6b36fe (ID = 57692)3:26 PM: 42860d3a-a13a-42f4-b2c9-dce72f (ID = 57693)3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:26 PM: Found Adware: ezula ilookup3:26 PM: a0124580.exe (ID = 60560)3:26 PM: 11c54bd5-143e-4c32-b0e2-728fa3 (ID = 87579)3:27 PM: a0124565.exe (ID = 195128)3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:27 PM: a0124567.exe (ID = 195131)3:28 PM: a0124568.exe (ID = 195132)3:28 PM: iconu.exe (ID = 65721)3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:28 PM: a0124521.exe (ID = 200314)3:28 PM: icont.exe (ID = 65722)3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:29 PM: a0124563.exe (ID = 185985)3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:30 PM: a0124573.exe (ID = 203611)3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:33 PM: a0124564.exe (ID = 193995)3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:35 PM: a0124566.exe (ID = 195130)3:36 PM: Found Adware: addestroyer3:36 PM: inneradinstall.log (ID = 49035)3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:38 PM: 0ce89y3o.dll (ID = 203553)3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:38 PM: appwrap[1].exe (ID = 65739)3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:40 PM: a0124549.dll (ID = 159)3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:40 PM: a0124533.dll (ID = 163672)3:40 PM: a0124644.dll (ID = 159)3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:40 PM: a0124552.dll (ID = 163672)3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:41 PM: 5be6719c-fb86-4119-893e-60fefd (ID = 87579)3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:43 PM: mfex-23.dat (ID = 144945)3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:43 PM: Found Adware: keenvalue/perfectnav3:43 PM: a0124512.exe (ID = 64892)3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:44 PM: Found Adware: whenu searchbar/pricebandit3:44 PM: d2bd9f9d-a9f6-4552-868c-5577cf (ID = 129801)3:44 PM: mfex-17.dat (ID = 144945)3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:46 PM: a0124587.dll (ID = 200308)3:46 PM: c10699a5-b9b0-42a5-9cc8-d28d96 (ID = 129770)3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:51 PM: appwrap[1].exe (ID = 65722)3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:52 PM: a0124527.dll (ID = 163672)3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:52 PM: mfex-24.dat (ID = 144945)3:53 PM: a0124583.dll (ID = 163672)3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:53 PM: mfex-37.dat (ID = 144945)3:54 PM: a0124586.dll (ID = 159)3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:54 PM: mfex-2.dat (ID = 144945)3:54 PM: Found Adware: adtech3:54 PM: a0124517.exe (ID = 203582)3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:55 PM: mfex-18.dat (ID = 144945)3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:58 PM: mfex-3.dat (ID = 144945)3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:59 PM: a0124604.dll (ID = 159)3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com3:59 PM: m4nqle551h.dll (ID = 159)3:59 PM: a0124588.dll (ID = 159)3:59 PM: a0124589.dll (ID = 163672)4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:00 PM: a0124520.exe (ID = 200311)4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:00 PM: omesvr32.dll (ID = 159)4:00 PM: a0124645.dll (ID = 159)4:01 PM: mfex-4.dat (ID = 144945)4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:01 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp402\a0118452.exe". Access is denied4:01 PM: tsuninst.exe (ID = 193501)4:01 PM: class-barrel (ID = 78229)4:01 PM: a0124576.dll (ID = 195129)4:01 PM: vocabulary (ID = 78283)4:01 PM: a0124574.exe (ID = 200300)4:01 PM: Found Adware: apropos4:01 PM: a0124572.exe (ID = 203610)4:01 PM: a0124577.exe (ID = 200309)4:01 PM: a0124575.exe (ID = 168558)4:01 PM: mfex-5.dat (ID = 144945)4:01 PM: mfex-1.dat (ID = 144946)4:01 PM: f22m0cf1ef2.dll (ID = 159)4:01 PM: mfex-6.dat (ID = 144945)4:01 PM: mfex-7.dat (ID = 144945)4:01 PM: mfex-19.dat (ID = 144945)4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:02 PM: mv06l9ds1.dll (ID = 159)4:02 PM: _s02786_.tmp.dll (ID = 163672)4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:02 PM: eanclass.dll (ID = 159)4:02 PM: a0124526.dll (ID = 144945)4:02 PM: mfex-20.dat (ID = 144945)4:03 PM: mfex-21.dat (ID = 144945)4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:03 PM: g422lefo1h2c.dll (ID = 159)4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:03 PM: f83213e9-cce7-4bed-be48-d8c0f4 (ID = 161460)4:03 PM: 8e63125c-4582-40e2-aed2-c80f54 (ID = 129805)4:03 PM: ccusapi.dll (ID = 159)4:03 PM: mfex-38.dat (ID = 144946)4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:03 PM: mfex-8.dat (ID = 144945)4:04 PM: a0124525.exe (ID = 144946)4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:06 PM: mfex-9.dat (ID = 144945)4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:07 PM: mfex-10.dat (ID = 144945)4:07 PM: mfex-11.dat (ID = 144945)4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:07 PM: mfex-22.dat (ID = 144945)4:07 PM: mfex-12.dat (ID = 144945)4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: mfex-13.dat (ID = 144945)4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:10 PM: 9400[1].cab (ID = 200301)4:10 PM: mfex-14.dat (ID = 144945)4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: 782e8e34-2fa5-4547-9f93-93352b (ID = 129799)4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: b5d24e.tmp (ID = 200301)4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:13 PM: a0124513.dll (ID = 166754)4:13 PM: tsupdate2[1].ini (ID = 193498)4:14 PM: mfex-15.dat (ID = 144945)4:14 PM: l2l60c3sef.dll (ID = 159)4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com4:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com4:14 PM: The Spy Commu Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 Logfile of HijackThis v1.99.1Scan saved at 5:09:25 PM, on 12/9/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\System32\DRIVERS\dcfssvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\PmProxy.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\toshiba\ivp\ism\pinger.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\AIM\aim.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Brandi\My Documents\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exeO4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exeO4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Please download AproposFix from here:http://swandog46.geekstogo.com/aproposfix.exeSave it to your desktop but do NOT run it yet.Then please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder. Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 Log of AproposFix v1 ************ Running from directory: C:\Documents and Settings\Brandi\Desktop\aproposfix************ Registry entries found: ************ No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished! ***************************************************************************Logfile of HijackThis v1.99.1Scan saved at 5:30:04 PM, on 12/9/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\System32\DRIVERS\dcfssvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\PmProxy.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\toshiba\ivp\ism\pinger.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\System32\wuauclt.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Brandi\My Documents\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exeO4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exeO4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 6600463762. Then post a new Hijackthis log here in a reply. Link to post Share on other sites
Shaun Posted December 9, 2005 Author Report Share Posted December 9, 2005 Logfile of HijackThis v1.99.1Scan saved at 5:37:05 PM, on 12/9/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\System32\DRIVERS\dcfssvc.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Analog Devices\SoundMAX\PmProxy.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\toshiba\ivp\ism\pinger.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\System32\wuauclt.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\Brandi\My Documents\HijackThis.exeR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocxO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exeO4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exeO4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintrayO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXEO23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Link to post Share on other sites
therock247uk Posted December 9, 2005 Report Share Posted December 9, 2005 Your log is clean Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop up windows.I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis. Link to post Share on other sites
Matt Posted December 15, 2005 Report Share Posted December 15, 2005 This thread is being closed because it has been resolved. If you would like it to be reopened please a member of the Moderating team.Matt Link to post Share on other sites
Recommended Posts