Need Major HELP!


This topic is locked
8 replies to this topic

#1 rebelbassfishr

    New Member
  • 4 posts

Posted 16 March 2006 - 03:46 PM

I need some serious help... I have no idea how to get rid of this off of my computer... it has installed 2 anti-viruses and keeps changing my background on my desktop... here's my HijackThis log, please help... two other forums couldn't resolve...


Logfile of HijackThis v1.99.1
Scan saved at 3:42:25 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\msdbqkl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\?ti2evxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\CROSOF~1\msconfig.exe
c:\program files\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\wupdmgr.exe
C:\Documents and Settings\William\Desktop\New Folder (2)\HijackThis.exe

R3 - URLSearchHook: (no name) - _{94002F46-B5D9-B35B-A1F8-E33BF70175C1} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [msdbqklA] C:\WINDOWS\msdbqklA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms049063838-186] C:\WINDOWS\ms049063838-186.exe
O4 - HKLM\..\Run: [{85-59-96-62-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Nqebi] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Wuot] "C:\WINDOWS\system32\CROSOF~1\msconfig.exe" -vt mt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\PROGRA~1\NEWDOT~1\virus.SH!
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinqrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\qpdsrego.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: winszd32 - C:\WINDOWS\SYSTEM32\winszd32.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\msdbqkl.exe (file missing)
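As an added illustration (my code, not part of the thread and not HijackThis's own logic): a small Python triage script that parses entries in the log format posted above and flags the patterns a reader looks for in a log like this one: an .exe sitting directly in C:\WINDOWS, rundll32 loading a DLL given without a path, an undisplayable character in an autostart path, a per-user Run value named Shell, a Startup shortcut pointing into system32, a Winlogon Notify DLL that is not one of XP's defaults, and a service with unknown owner whose file is missing. The heuristics and the XP Notify allowlist are my own; the sample log is constructed from entries quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 format. The entries are modelled on ones quoted
# in this thread's logs; the text is assembled here for the example, not read from a machine.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKCU\..\Run: [Nqebi] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinqrag.exe
O20 - Winlogon Notify: winszd32 - C:\WINDOWS\SYSTEM32\winszd32.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\msdbqkl.exe (file missing)
"""

# Every HijackThis entry line starts with a section tag such as R0, F2, O4, O23.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# An .exe sitting directly in C:\WINDOWS rather than in a subfolder (explorer.exe excepted).
WINDIR_ROOT_EXE = re.compile(r'(?i)c:\\windows\\([^\\\s"]+\.exe)')

# Winlogon Notify packages present on a default Windows XP install (lower-cased).
# Anything else loading from SYSTEM32 through this hook deserves a closer look.
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}


@dataclass
class Finding:
    section: str
    text: str
    reasons: tuple


def parse(log_text):
    """Yield (section, body) for each entry line, skipping the header and process list."""
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def assess(section, body):
    """Return the list of heuristic reasons an entry deserves attention (empty if none)."""
    reasons = []
    low = body.lower()
    m = WINDIR_ROOT_EXE.search(body)
    if m and m.group(1).lower() != "explorer.exe":
        reasons.append("executable directly in the Windows folder: " + m.group(1))
    if section == "O4":
        # HijackThis typically prints '?' for a character it cannot display, which is how
        # a name such as ?ti2evxx.exe ends up looking almost like the ATI ati2evxx.exe.
        if "?" in body:
            reasons.append("undisplayable character in an autostart path")
        if re.search(r"(?i)\brundll32(\.exe)?\s+([^\\\s,]+),", body):
            reasons.append("rundll32 loading a DLL given without any path")
        if re.search(r"(?i)^HKCU\\\.\.\\Run: \[shell\]", body):
            reasons.append("per-user Run value named 'Shell' (mimics the Winlogon Shell value)")
        if re.search(r"(?i)^Startup: .+\.lnk = c:\\windows\\system32\\", body):
            reasons.append("Startup-folder shortcut to an executable inside system32")
    elif section == "O20":
        nm = re.match(r"Winlogon Notify: (\S+) - (.+)", body)
        if nm and nm.group(1).lower() not in XP_NOTIFY_DEFAULTS \
                and "\\system32\\" in nm.group(2).lower():
            reasons.append("non-default Winlogon Notify DLL in system32")
    elif section == "O23" and "unknown owner" in low and "(file missing)" in low:
        reasons.append("service with unknown owner whose binary is missing")
    return reasons


def triage(log_text):
    """Run the heuristics over a whole log and return the entries that were flagged."""
    findings = []
    for section, body in parse(log_text):
        reasons = assess(section, body)
        if reasons:
            findings.append(Finding(section, body, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.section}: {f.text}")
        for r in f.reasons:
            print("    -", r)
```

Entries that pass every heuristic here are not thereby clean; the script only orders a long log so the unusual entries are read first.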



#2 LDTate

    Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 17 March 2006 - 03:48 PM

Hello rebelbassfishr, Welcome to the forum.

You have quite a collection there. Let's start with these.

This is what I suggest you do.


Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window.
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#3 rebelbassfishr

    New Member
  • 4 posts

Posted 18 March 2006 - 10:55 AM

Alright, my computer has been running slower than normal... I mean extremely slower... I have two programs in the right-hand corner of my toolbar constantly running and warning me of spyware and virus infections... one's a yellow triangle with a white exclamation mark in the middle and the other is a yellow circle with a black exclamation mark... also a lot of the time I get an error message popping up reading...

This is a system security alert. Please read this message carefully.

It was found that your PC is now infected with spyware, malicious software that puts your system under considerable risk. Unless you download and run special anti-spyware software, the infections on your system can decrease performance, delete critical system components, steal you passwords and credit card information.
Protect you PC now || download anti-spyware tools that will scan your system for infections and remove them.

Click "OK" to get special offers and download links on anti-spyware tools.

That message pops up every 10-15 minutes... then it has OK and Cancel side by side at the bottom.

Also a program called adware reviews keeps putting itself on my computer... and my background on my desktop keeps changing itself... it reads

WARNING!
Your computer might be infected by spyware, adware or similar malicious programs!

and goes on saying about how my desktop keeps changing because it's infected and I need to download this software...

Also I failed to mention that 5 processes that are not normally on my process list are...
twinqrag.exe ... win320938-18690638.exe ... qpdsrego.exe ... wupdmgr.exe ... and osaupd.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:36:04 AM, 3/18/2006
+ Report-Checksum: DFAE05B4

+ Scan result:

C:\Documents and Settings\William\Cookies\william@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\William\Cookies\william@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\William\Cookies\william@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\William\Cookies\william@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\William\Cookies\william@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup

C:\RECYCLER\S-1-5-21-606747145-1677128483-839522115-500\Dc1.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\offun.exe.tcf -> Downloader.VB.nw : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:49:42 AM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\win320938-18690638.exe
C:\WINDOWS\system32\twinqrag.exe
C:\WINDOWS\system32\?ti2evxx.exe
C:\WINDOWS\system32\CROSOF~1\msconfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\windows\system32\qpdsrego.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\William\Desktop\New Folder (2)\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - _{94002F46-B5D9-B35B-A1F8-E33BF70175C1} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [msdbqklA] C:\WINDOWS\msdbqklA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [{85-59-96-62-ZN}] c:\windows\system32\qpdsrego.exe CORN001
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [win320938-18690638] C:\WINDOWS\win320938-18690638.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinqrag.exe CORN001
O4 - HKCU\..\Run: [Nqebi] C:\WINDOWS\system32\?ti2evxx.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [Wuot] "C:\WINDOWS\system32\CROSOF~1\msconfig.exe" -vt mt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinqrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.co...l/azesearch.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: winszd32 - C:\WINDOWS\SYSTEM32\winszd32.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\msdbqkl.exe (file missing)

Edited by rebelbassfishr, 18 March 2006 - 11:01 AM.


#4 LDTate

    Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 18 March 2006 - 11:08 AM

Those warnings are from the CrapWare you have been infected with.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Please turn Wordwrap OFF before posting the new HJT log .

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.



#5 rebelbassfishr

    New Member
  • 4 posts

Posted 18 March 2006 - 04:08 PM

Seems to be running fine now, thanks for your help... but just in case, here's the HijackThis log and the Spy Sweeper log...

Logfile of HijackThis v1.99.1
Scan saved at 3:59:58 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\win320938-18690638.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\William\Desktop\New Folder (2)\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - _{94002F46-B5D9-B35B-A1F8-E33BF70175C1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [msdbqklA] C:\WINDOWS\msdbqklA.exe
O4 - HKLM\..\Run: [win320938-18690638] C:\WINDOWS\win320938-18690638.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [Wuot] "C:\WINDOWS\system32\CROSOF~1\msconfig.exe" -vt mt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: winszd32 - C:\WINDOWS\SYSTEM32\winszd32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


********
2:49 PM: | Start of Session, Saturday, March 18, 2006 |
2:49 PM: Spy Sweeper started
2:49 PM: Sweep initiated using definitions version 636
2:49 PM: Starting Memory Sweep
2:49 PM: Found Adware: quicklink search toolbar
2:49 PM: Detected running threat: C:\WINDOWS\system32\w9seq.dll (ID = 259795)
2:49 PM: Found Trojan Horse: trojan-downloader-balloon
2:49 PM: Detected running threat: C:\WINDOWS\wupdmgr.exe (ID = 258280)
2:50 PM: Detected running threat: C:\WINDOWS\osaupd.exe (ID = 258280)
2:51 PM: Found Adware: purityscan
2:51 PM: Detected running threat: C:\WINDOWS\system32\?ti2evxx.exe (ID = 230)
2:51 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run || Nqebi (ID = 0)
2:51 PM: Detected running threat: C:\WINDOWS\system32\??crosoft\msconfig.exe (ID = 230)
2:52 PM: Memory Sweep Complete, Elapsed Time: 00:03:23
2:52 PM: Starting Registry Sweep
2:52 PM: Found Adware: azsearch toolbar
2:52 PM: HKLM\software\microsoft\code store database\distribution units\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}\ (9 subtraces) (ID = 103943)
2:52 PM: Found Adware: browseraid
2:52 PM: HKLM\software\microsoft\windows\currentversion\run\ || 98d0ce0c16b1 (ID = 105156)
2:52 PM: HKLM\software\microsoft\windows\currentversion\run\ || a70f6a1d-0195-42a2-934c-d8ac0f7c08eb (ID = 105157)
2:53 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
2:53 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
2:53 PM: Found Adware: surfsidekick
2:53 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
2:53 PM: Found Adware: zenosearchassistant
2:53 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (2 subtraces) (ID = 147934)
2:53 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (2 subtraces) (ID = 147935)
2:53 PM: Found Adware: visfx
2:53 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
2:53 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
2:53 PM: Found Adware: winantispyware 2005
2:53 PM: HKCR\compcleancore.appcleane\ (5 subtraces) (ID = 812589)
2:53 PM: HKCR\compcleancore.appcleane.1\ (3 subtraces) (ID = 812595)
2:53 PM: HKCR\compcleancore.cquickscan\ (5 subtraces) (ID = 812599)
2:53 PM: HKCR\compcleancore.cquickscan.1\ (3 subtraces) (ID = 812605)
2:53 PM: HKCR\compcleancore.filecleane\ (5 subtraces) (ID = 812609)
2:53 PM: HKCR\compcleancore.filecleane.1\ (3 subtraces) (ID = 812615)
2:53 PM: HKCR\compcleancore.inetcleane\ (5 subtraces) (ID = 812619)
2:53 PM: HKCR\compcleancore.inetcleane.1\ (3 subtraces) (ID = 812625)
2:53 PM: HKCR\compcleancore.regcleane\ (5 subtraces) (ID = 812629)
2:53 PM: HKCR\compcleancore.regcleane.1\ (3 subtraces) (ID = 812635)
2:53 PM: HKCR\compcleancore.systemcleane\ (5 subtraces) (ID = 812639)
2:53 PM: HKCR\compcleancore.systemcleane.1\ (3 subtraces) (ID = 812645)
2:53 PM: HKCR\df_fixer.fixe\ (5 subtraces) (ID = 812649)
2:53 PM: HKCR\df_fixer.fixe.1\ (3 subtraces) (ID = 812655)
2:53 PM: HKCR\df_proxy.drivermanipulat\ (5 subtraces) (ID = 812659)
2:53 PM: HKCR\df_proxy.drivermanipulat.1\ (3 subtraces) (ID = 812665)
2:53 PM: HKCR\ffwraper.ffenginwrape\ (5 subtraces) (ID = 812669)
2:53 PM: HKCR\ffwraper.ffenginwrape.1\ (3 subtraces) (ID = 812675)
2:53 PM: HKCR\fixcore.mmfixcor\ (5 subtraces) (ID = 812679)
2:53 PM: HKCR\fixcore.mmfixcor.1\ (3 subtraces) (ID = 812685)
2:53 PM: HKCR\flfxr.flfixer\ (3 subtraces) (ID = 812689)
2:53 PM: HKCR\mmfixctrl.cofixengin\ (5 subtraces) (ID = 812693)
2:53 PM: HKCR\mmfixctrl.cofixengin.1\ (3 subtraces) (ID = 812699)
2:53 PM: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
2:53 PM: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
2:53 PM: HKCR\appid\compcl.dll\ (1 subtraces) (ID = 812722)
2:53 PM: HKCR\appid\ffwrape.dll\ (1 subtraces) (ID = 812724)
2:53 PM: HKCR\appid\fixcor.dll\ (1 subtraces) (ID = 812726)
2:53 PM: HKCR\appid\mmfixctr.dll\ (1 subtraces) (ID = 812728)
2:53 PM: HKCR\appid\pcheck.dll\ (1 subtraces) (ID = 812730)
2:53 PM: HKCR\appid\{133d56d3-f40c-4073-a219-f1d8c319aade}\ (1 subtraces) (ID = 812732)
2:53 PM: HKCR\appid\{aacd62b9-6292-4c3f-909a-4f47bc860917}\ (1 subtraces) (ID = 812735)
2:53 PM: HKCR\appid\{b5275135-5cde-4b00-b669-67eee11fb691}\ (1 subtraces) (ID = 812737)
2:53 PM: HKCR\appid\{e136b475-884f-49be-92ae-9f399e6b2277}\ (1 subtraces) (ID = 812739)
2:53 PM: HKCR\clsid\{0ad69724-fcc3-440a-9ace-ebcf5175c2d9}\ (12 subtraces) (ID = 812741)
2:53 PM: HKCR\clsid\{11bbb65e-b3f3-4bc7-b927-3cd7cfe8571e}\ (12 subtraces) (ID = 812754)
2:53 PM: HKCR\clsid\{1e9c908f-962a-4cf4-9a6a-cd50a2ed2965}\ (4 subtraces) (ID = 812767)
2:53 PM: HKCR\clsid\{4a7eae6a-00a6-4167-a026-e09c0748c676}\ (12 subtraces) (ID = 812772)
2:53 PM: HKCR\clsid\{4b2df42b-9d7f-4471-92d1-d32e39b5f864}\ (4 subtraces) (ID = 812785)
2:53 PM: HKCR\clsid\{542862a0-9b06-4b37-9494-430aacde1b48}\ (21 subtraces) (ID = 812790)
2:53 PM: HKCR\clsid\{7422da06-7834-4703-9209-442e3a0abee9}\ (12 subtraces) (ID = 812812)
2:53 PM: HKCR\clsid\{7f0e7e0a-3386-464f-a0f0-3683782c1227}\ (12 subtraces) (ID = 812825)
2:53 PM: HKCR\clsid\{8ec5abc2-0b35-43d4-82e0-c54f72d78976}\ (21 subtraces) (ID = 812844)
2:53 PM: HKCR\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 812866)
2:53 PM: HKCR\clsid\{a9e29c93-2086-4ea6-8f54-7e5f1849b59a}\ (12 subtraces) (ID = 812877)
2:53 PM: HKCR\clsid\{af78faab-79e9-4c95-bfa5-2b6da5ec29c9}\ (12 subtraces) (ID = 812890)
2:53 PM: HKCR\clsid\{b1f31ac7-8876-475b-89f0-df3f3e1359eb}\ (12 subtraces) (ID = 812903)
2:53 PM: HKCR\clsid\{d4060dc6-c043-4ddd-a9d3-3149fb024d03}\ (12 subtraces) (ID = 812916)
2:53 PM: HKCR\clsid\{d8cedc28-27f1-4aa7-ab59-3aadb1c8b47b}\ (4 subtraces) (ID = 812929)
2:53 PM: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (15 subtraces) (ID = 812934)
2:53 PM: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
2:53 PM: HKCR\typelib\{42a860e7-6f32-4191-94e8-08b6ab251e91}\ (9 subtraces) (ID = 812970)
2:53 PM: HKCR\typelib\{776081cc-ae15-4ac7-a3db-bd929c201694}\ (9 subtraces) (ID = 812980)
2:53 PM: HKCR\typelib\{8ba69d29-ae03-4ab2-b424-dded400e4804}\ (9 subtraces) (ID = 812990)
2:53 PM: HKCR\typelib\{b23f7271-53cb-4bb3-91af-3b98557baeac}\ (9 subtraces) (ID = 813000)
2:53 PM: HKCR\typelib\{c293551a-cc48-4d7f-9396-2ed35c4548d2}\ (9 subtraces) (ID = 813010)
2:53 PM: HKCR\typelib\{c8122510-d163-4c89-95ef-88972d5a56b1}\ (9 subtraces) (ID = 813020)
2:53 PM: HKCR\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813030)
2:53 PM: HKLM\system\currentcontrolset\control\safeboot\minimal\dfd.sys\ (1 subtraces) (ID = 813075)
2:53 PM: HKLM\system\currentcontrolset\control\safeboot\network\dfd.sys\ (1 subtraces) (ID = 813077)
2:53 PM: HKLM\software\winfixer2005\ (5 subtraces) (ID = 813086)
2:53 PM: HKLM\software\classes\compcleancore.appcleane\ (5 subtraces) (ID = 813091)
2:53 PM: HKLM\software\classes\compcleancore.appcleane.1\ (3 subtraces) (ID = 813097)
2:53 PM: HKLM\software\classes\compcleancore.cquickscan\ (5 subtraces) (ID = 813101)
2:53 PM: HKLM\software\classes\compcleancore.cquickscan.1\ (3 subtraces) (ID = 813107)
2:53 PM: HKLM\software\classes\compcleancore.filecleane\ (5 subtraces) (ID = 813111)
2:53 PM: HKLM\software\classes\compcleancore.filecleane.1\ (3 subtraces) (ID = 813117)
2:53 PM: HKLM\software\classes\compcleancore.inetcleane\ (5 subtraces) (ID = 813121)
2:53 PM: HKLM\software\classes\compcleancore.regcleane\ (5 subtraces) (ID = 813131)
2:53 PM: HKLM\software\classes\compcleancore.systemcleane\ (5 subtraces) (ID = 813141)
2:53 PM: HKLM\software\classes\df_fixer.fixe\ (5 subtraces) (ID = 813151)
2:53 PM: HKLM\software\classes\df_fixer.fixe.1\ (3 subtraces) (ID = 813157)
2:53 PM: HKLM\software\classes\df_proxy.drivermanipulat\ (5 subtraces) (ID = 813161)
2:53 PM: HKLM\software\classes\df_proxy.drivermanipulat.1\ (3 subtraces) (ID = 813167)
2:53 PM: HKLM\software\classes\ffwraper.ffenginwrape\ (5 subtraces) (ID = 813171)
2:53 PM: HKLM\software\classes\fixcore.mmfixcor\ (5 subtraces) (ID = 813181)
2:53 PM: HKLM\software\classes\flfxr.flfixer\ (3 subtraces) (ID = 813191)
2:53 PM: HKLM\software\classes\mmfixctrl.cofixengin\ (5 subtraces) (ID = 813195)
2:53 PM: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
2:53 PM: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
2:53 PM: HKLM\software\classes\appid\compcl.dll\ (1 subtraces) (ID = 813224)
2:53 PM: HKLM\software\classes\appid\ffwrape.dll\ (1 subtraces) (ID = 813226)
2:53 PM: HKLM\software\classes\appid\fixcor.dll\ (1 subtraces) (ID = 813228)
2:53 PM: HKLM\software\classes\appid\mmfixctr.dll\ (1 subtraces) (ID = 813230)
2:53 PM: HKLM\software\classes\appid\pcheck.dll\ (1 subtraces) (ID = 813232)
2:53 PM: HKLM\software\classes\appid\{133d56d3-f40c-4073-a219-f1d8c319aade}\ (1 subtraces) (ID = 813234)
2:53 PM: HKLM\software\classes\appid\{aacd62b9-6292-4c3f-909a-4f47bc860917}\ (1 subtraces) (ID = 813237)
2:53 PM: HKLM\software\classes\appid\{b5275135-5cde-4b00-b669-67eee11fb691}\ (1 subtraces) (ID = 813239)
2:53 PM: HKLM\software\classes\appid\{e136b475-884f-49be-92ae-9f399e6b2277}\ (1 subtraces) (ID = 813241)
2:53 PM: HKLM\software\classes\clsid\{0ad69724-fcc3-440a-9ace-ebcf5175c2d9}\ (12 subtraces) (ID = 813243)
2:53 PM: HKLM\software\classes\clsid\{11bbb65e-b3f3-4bc7-b927-3cd7cfe8571e}\ (12 subtraces) (ID = 813256)
2:53 PM: HKLM\software\classes\clsid\{1e9c908f-962a-4cf4-9a6a-cd50a2ed2965}\ (4 subtraces) (ID = 813269)
2:53 PM: HKLM\software\classes\clsid\{4a7eae6a-00a6-4167-a026-e09c0748c676}\ (12 subtraces) (ID = 813274)
2:53 PM: HKLM\software\classes\clsid\{4b2df42b-9d7f-4471-92d1-d32e39b5f864}\ (4 subtraces) (ID = 813287)
2:53 PM: HKLM\software\classes\clsid\{542862a0-9b06-4b37-9494-430aacde1b48}\ (21 subtraces) (ID = 813292)
2:53 PM: HKLM\software\classes\clsid\{7422da06-7834-4703-9209-442e3a0abee9}\ (12 subtraces) (ID = 813314)
2:53 PM: HKLM\software\classes\clsid\{7f0e7e0a-3386-464f-a0f0-3683782c1227}\ (12 subtraces) (ID = 813327)
2:53 PM: HKLM\software\classes\clsid\{8ec5abc2-0b35-43d4-82e0-c54f72d78976}\ (21 subtraces) (ID = 813346)
2:53 PM: HKLM\software\classes\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 813368)
2:53 PM: HKLM\software\classes\clsid\{a9e29c93-2086-4ea6-8f54-7e5f1849b59a}\ (12 subtraces) (ID = 813379)
2:53 PM: HKLM\software\classes\clsid\{af78faab-79e9-4c95-bfa5-2b6da5ec29c9}\ (12 subtraces) (ID = 813392)
2:53 PM: HKLM\software\classes\clsid\{b1f31ac7-8876-475b-89f0-df3f3e1359eb}\ (12 subtraces) (ID = 813405)
2:53 PM: HKLM\software\classes\clsid\{d4060dc6-c043-4ddd-a9d3-3149fb024d03}\ (12 subtraces) (ID = 813418)
2:53 PM: HKLM\software\classes\clsid\{d8cedc28-27f1-4aa7-ab59-3aadb1c8b47b}\ (4 subtraces) (ID = 813431)
2:53 PM: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (15 subtraces) (ID = 813436)
2:53 PM: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
2:53 PM: HKLM\software\classes\typelib\{42a860e7-6f32-4191-94e8-08b6ab251e91}\ (9 subtraces) (ID = 813472)
2:53 PM: HKLM\software\classes\typelib\{776081cc-ae15-4ac7-a3db-bd929c201694}\ (9 subtraces) (ID = 813482)
2:53 PM: HKLM\software\classes\typelib\{8ba69d29-ae03-4ab2-b424-dded400e4804}\ (9 subtraces) (ID = 813492)
2:53 PM: HKLM\software\classes\typelib\{b23f7271-53cb-4bb3-91af-3b98557baeac}\ (9 subtraces) (ID = 813502)
2:53 PM: HKLM\software\classes\typelib\{c293551a-cc48-4d7f-9396-2ed35c4548d2}\ (9 subtraces) (ID = 813512)
2:53 PM: HKLM\software\classes\typelib\{c8122510-d163-4c89-95ef-88972d5a56b1}\ (9 subtraces) (ID = 813522)
2:53 PM: HKLM\software\classes\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813532)
2:53 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\prcheck.dll (ID = 819067)
2:53 PM: Found Adware: weirdontheweb
2:53 PM: HKCR\amnotifier.hubawindow\ (5 subtraces) (ID = 866632)
2:53 PM: HKCR\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866638)
2:53 PM: Found Adware: mediapipe
2:53 PM: HKCR\downloadmanager.manager\ (5 subtraces) (ID = 866642)
2:53 PM: HKCR\downloadmanager.manager.1\ (3 subtraces) (ID = 866648)
2:53 PM: HKCR\mpagent.agent\ (5 subtraces) (ID = 866662)
2:53 PM: HKCR\mpagent.agent.1\ (3 subtraces) (ID = 866668)
2:53 PM: HKCR\appid\amnotifier.exe\ (1 subtraces) (ID = 866682)
2:53 PM: HKCR\appid\downloadmanager.exe\ (1 subtraces) (ID = 866684)
2:53 PM: HKCR\appid\mpagent.dll\ (1 subtraces) (ID = 866688)
2:53 PM: HKCR\appid\trayicon.exe\ (1 subtraces) (ID = 866692)
2:53 PM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866694)
2:53 PM: HKCR\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866698)
2:53 PM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866702)
2:53 PM: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866704)
2:53 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866706)
2:53 PM: HKCR\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 866735)
2:53 PM: Found Trojan Horse: p2pnetwork
2:53 PM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 866747)
2:53 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 866796)
2:53 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 866816)
2:53 PM: HKCR\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 866826)
2:53 PM: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 866836)
2:53 PM: HKLM\software\mediapipe\ (16 subtraces) (ID = 866893)
2:53 PM: HKLM\software\classes\amnotifier.hubawindow\ (5 subtraces) (ID = 866911)
2:53 PM: HKLM\software\classes\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866917)
2:53 PM: HKLM\software\classes\amnotifier.hubawindow.1\clsid\ (1 subtraces) (ID = 866919)
2:53 PM: HKLM\software\classes\downloadmanager.manager\ (5 subtraces) (ID = 866921)
2:53 PM: HKLM\software\classes\downloadmanager.manager.1\ (3 subtraces) (ID = 866927)
2:53 PM: HKLM\software\classes\mpagent.agent\ (5 subtraces) (ID = 866941)
2:53 PM: HKLM\software\classes\mpagent.agent.1\ (3 subtraces) (ID = 866947)
2:53 PM: HKLM\software\classes\appid\amnotifier.exe\ (1 subtraces) (ID = 866961)
2:53 PM: HKLM\software\classes\appid\downloadmanager.exe\ (1 subtraces) (ID = 866963)
2:53 PM: HKLM\software\classes\appid\mpagent.dll\ (1 subtraces) (ID = 866967)
2:53 PM: HKLM\software\classes\appid\trayicon.exe\ (1 subtraces) (ID = 866971)
2:53 PM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866973)
2:53 PM: HKLM\software\classes\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866977)
2:53 PM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866981)
2:53 PM: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866983)
2:53 PM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866985)
2:53 PM: HKLM\software\classes\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 867014)
2:53 PM: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 867026)
2:53 PM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 867075)
2:53 PM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 867095)
2:53 PM: HKLM\software\classes\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 867105)
2:53 PM: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 867115)
2:53 PM: HKLM\software\microsoft\windows\currentversion\run\ || mediapipe p2p loader (ID = 867145)
2:53 PM: Found Adware: enbrowser
2:53 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
2:53 PM: Found Trojan Horse: trojan agent winlogonhook
2:53 PM: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
2:53 PM: Found Adware: command
2:53 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
2:53 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
2:53 PM: HKLM\software\altpayv2\ (22 subtraces) (ID = 1028092)
2:53 PM: HKLM\software\microsoft\windows\currentversion\uninstall\altpayv2\ (2 subtraces) (ID = 1028102)
2:53 PM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
2:53 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246)
2:53 PM: Found Adware: spyaxe fakealert
2:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {a1d9d3f0-8c2a-9a1d-a376-2cacfb10ab72} (ID = 1099808)
2:53 PM: Found Adware: elitemediagroup-pop64
2:53 PM: HKLM\software\microsoft\code store database\distribution units\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (7 subtraces) (ID = 1122691)
2:53 PM: HKLM\software\microsoft\windows\currentversion\uninstall\azesearch\ (2 subtraces) (ID = 1158361)
2:53 PM: HKCR\balloon.application\ (3 subtraces) (ID = 1177065)
2:53 PM: HKCR\clsid\{1ca7dbaf-b066-4554-977e-5cebb7fa59c8}\ (7 subtraces) (ID = 1177075)
2:53 PM: HKLM\software\classes\balloon.application\ (3 subtraces) (ID = 1177159)
2:53 PM: HKLM\software\classes\clsid\{1ca7dbaf-b066-4554-977e-5cebb7fa59c8}\ (7 subtraces) (ID = 1177169)
2:53 PM: HKLM\software\classes\clsid\{1ca7dbaf-b066-4554-977e-5cebb7fa59c8}\progid\ (1 subtraces) (ID = 1177175)
2:53 PM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
2:53 PM: HKCR\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180464)
2:53 PM: HKCR\fseytdc.yvakt\ (3 subtraces) (ID = 1180468)
2:53 PM: HKCR\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180472)
2:53 PM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
2:53 PM: HKLM\software\classes\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180514)
2:53 PM: HKLM\software\classes\fseytdc.yvakt\ (3 subtraces) (ID = 1180518)
2:53 PM: HKLM\software\classes\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180522)
2:53 PM: Found Adware: dollarrevenue
2:53 PM: HKCR\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198901)
2:53 PM: HKLM\software\oj1vshp3a\ (3 subtraces) (ID = 1198933)
2:53 PM: HKLM\software\classes\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198962)
2:53 PM: Found Adware: spyfalcon fakealert
2:53 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {c9fa1dc9-1fb3-c2a8-2f1a-dc1a33e7af9d} (ID = 1199235)
2:53 PM: HKLM\software\microsoft\windows\currentversion\uninstall\jgaf\ || uninstallstring (ID = 1199465)
2:53 PM: HKU\WRSS_Profile_S-1-5-21-606747145-1677128483-839522115-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
2:53 PM: HKU\WRSS_Profile_S-1-5-21-606747145-1677128483-839522115-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\system\sysuid\ (1 subtraces) (ID = 731748)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\winfixer2005\ (19 subtraces) (ID = 813040)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\classes\clsid\{a1d9d3f0-8c2a-9a1d-a376-2cacfb10ab72}\ (3 subtraces) (ID = 1048145)
2:53 PM: Found Trojan Horse: trojan-backdoor-us15info
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\microsoft\windows\currentversion\run\ || Shell (ID = 1126079)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
2:53 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\software\classes\clsid\{c9fa1dc9-1fb3-c2a8-2f1a-dc1a33e7af9d}\ (3 subtraces) (ID = 1199234)
2:53 PM: Registry Sweep Complete, Elapsed Time:00:00:23
2:53 PM: Starting Cookie Sweep
2:53 PM: Found Spy Cookie: yieldmanager cookie
2:53 PM: william@ad.yieldmanager[2].txt (ID = 3751)
2:53 PM: Found Spy Cookie: adknowledge cookie
2:53 PM: william@adknowledge[2].txt (ID = 2072)
2:53 PM: Found Spy Cookie: hbmediapro cookie
2:53 PM: william@adopt.hbmediapro[2].txt (ID = 2768)
2:53 PM: Found Spy Cookie: addynamix cookie
2:53 PM: william@ads.addynamix[2].txt (ID = 2062)
2:53 PM: Found Spy Cookie: advertising cookie
2:53 PM: william@advertising[1].txt (ID = 2175)
2:53 PM: Found Spy Cookie: atwola cookie
2:53 PM: william@ar.atwola[1].txt (ID = 2256)
2:53 PM: Found Spy Cookie: falkag cookie
2:53 PM: william@as-us.falkag[2].txt (ID = 2650)
2:53 PM: Found Spy Cookie: atlas dmt cookie
2:53 PM: william@atdmt[2].txt (ID = 2253)
2:53 PM: william@atwola[1].txt (ID = 2255)
2:53 PM: Found Spy Cookie: azjmp cookie
2:53 PM: william@azjmp[1].txt (ID = 2270)
2:53 PM: Found Spy Cookie: belnk cookie
2:53 PM: william@belnk[1].txt (ID = 2292)
2:53 PM: Found Spy Cookie: enhance cookie
2:53 PM: william@c.enhance[1].txt (ID = 2614)
2:53 PM: william@dist.belnk[2].txt (ID = 2293)
2:53 PM: Found Spy Cookie: ru4 cookie
2:53 PM: william@edge.ru4[1].txt (ID = 3269)
2:53 PM: Found Spy Cookie: exitexchange cookie
2:53 PM: william@exitexchange[1].txt (ID = 2633)
2:53 PM: Found Spy Cookie: clickandtrack cookie
2:53 PM: william@hits.clickandtrack[2].txt (ID = 2397)
2:53 PM: Found Spy Cookie: realmedia cookie
2:53 PM: william@network.realmedia[1].txt (ID = 3236)
2:53 PM: Found Spy Cookie: oinadserve cookie
2:53 PM: william@oinadserve[2].txt (ID = 3091)
2:53 PM: Found Spy Cookie: pro-market cookie
2:53 PM: william@pro-market[2].txt (ID = 3197)
2:53 PM: Found Spy Cookie: tacoda cookie
2:53 PM: william@tacoda[1].txt (ID = 6444)
2:53 PM: Found Spy Cookie: tradedoubler cookie
2:53 PM: william@tradedoubler[1].txt (ID = 3575)
2:53 PM: Found Spy Cookie: trafficmp cookie
2:53 PM: william@trafficmp[1].txt (ID = 3581)
2:53 PM: Found Spy Cookie: adserver cookie
2:53 PM: william@z1.adserver[1].txt (ID = 2142)
2:53 PM: Found Spy Cookie: zenotecnico cookie
2:53 PM: william@zenotecnico[1].txt (ID = 3858)
2:53 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
2:53 PM: Starting File Sweep
2:53 PM: c:\program files\mediapipe (1 subtraces) (ID = -2147470120)
2:53 PM: c:\my accessmedia (1 subtraces) (ID = -2147469182)
2:53 PM: c:\program files\common files\vcclient (9 subtraces) (ID = -2147461290)
2:53 PM: c:\documents and settings\all users\start menu\programs\winfixer2005 (4 subtraces) (ID = -2147471770)
2:53 PM: c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
2:53 PM: c:\program files\winfixer2005 (97 subtraces) (ID = -2147471814)
2:54 PM: nt68rrtc12.sys (ID = 220230)
2:54 PM: stlb2.xml (ID = 51945)
2:55 PM: template.dbx (ID = 114914)
2:55 PM: Found Adware: spysheriff
2:55 PM: heur001.dll (ID = 256434)
2:55 PM: vcupdate.exe.config (ID = 212361)
2:55 PM: vcupdate.exe (ID = 212831)
2:56 PM: dc3.exe (ID = 260102)
2:57 PM: uninstall_nmon.vbs (ID = 231442)
2:57 PM: dc2.exe (ID = 260103)
2:57 PM: visfx500[1].exe.tcf (ID = 244295)
2:58 PM: dfd.sys (ID = 153501)
2:58 PM: ssk.exe (ID = 257142)
3:00 PM: heur000.dll (ID = 253301)
3:00 PM: cv3wanv28.exe (ID = 259982)
3:00 PM: ftr.dll (ID = 153507)
3:01 PM: prcheck.dll (ID = 153518)
3:01 PM: sskffcore.dll (ID = 257145)
3:05 PM: Found Adware: spysheriff fakealert
3:05 PM: tool2.exe (ID = 267165)
3:06 PM: sskknwrd.dll (ID = 77733)
3:08 PM: mksawrtal.amf (ID = 208796)
3:10 PM: pf78.exe (ID = 244430)
3:10 PM: dfe.exe (ID = 153523)
3:11 PM: Found Adware: targetsaver
3:11 PM: vocabulary (ID = 78283)
3:11 PM: sskbho.dll (ID = 257143)
3:11 PM: heur002.dll (ID = 253303)
3:12 PM: heur003.dll (ID = 253304)
3:13 PM: sskcore.dll (ID = 257144)
3:14 PM: compcl.dll (ID = 153499)
3:14 PM: strrs.dll (ID = 153514)
3:14 PM: df_fix.dll (ID = 153502)
3:14 PM: df_prox.dll (ID = 153503)
3:14 PM: ffwrap.dll (ID = 153504)
3:14 PM: mmfx.dll (ID = 153511)
3:14 PM: fixcor.dll (ID = 153505)
3:14 PM: flfxr.dll (ID = 153506)
3:14 PM: uni_eh.exe (ID = 245110)
3:14 PM: unin101.exe (ID = 245111)
3:14 PM: dfd.sys (ID = 153501)
3:14 PM: Found Adware: regfreeze fakealert
3:14 PM: security.html (ID = 256093)
3:15 PM: Found Adware: coolwebsearch (cws)
3:15 PM: winkve32.dll.tcf (ID = 254186)
3:15 PM: vcmain.exe (ID = 212830)
3:15 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
3:15 PM: vcclient.exe (ID = 212828)
3:15 PM: HKU\S-1-5-21-606747145-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
3:15 PM: winfixer 2005.lnk (ID = 162516)
3:15 PM: dwdsregt.exe (ID = 235995)
3:16 PM: osaupd.exe (ID = 258280)
3:16 PM: qpdsrego.exe (ID = 293)
3:16 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || {85-59-96-62-ZN} (ID = 0)
3:16 PM: wupdmgr.exe (ID = 258280)
3:17 PM: str.exe (ID = 153513)
3:17 PM: uwfx5.exe (ID = 153516)
3:17 PM: w9seq.dll (ID = 259795)
3:18 PM: slk8x2peu.exe (ID = 259744)
3:18 PM: class-barrel (ID = 78229)
3:19 PM: winfixer 2005.lnk (ID = 162516)
3:20 PM: msnav32.ax (ID = 220229)
3:21 PM: z_start.lnk (ID = 235994)
3:21 PM: zxdnt3d.cfg (ID = 91140)
3:21 PM: credit counseling.url (ID = 130668)
3:21 PM: insurance home.url (ID = 130676)
3:21 PM: mortgage life insurance.url (ID = 130681)
3:21 PM: help desk software.url (ID = 130675)
3:21 PM: ab scissor.url (ID = 130666)
3:21 PM: videos.url (ID = 130694)
3:21 PM: what is hydrocodone.url (ID = 130695)
3:21 PM: online gambling casino.url (ID = 130684)
3:21 PM: refinancing my mortgage.url (ID = 130691)
3:21 PM: debt credit card.url (ID = 130671)
3:21 PM: fha.url (ID = 130673)
3:21 PM: zeno.lnk (ID = 146127)
3:21 PM: loan for debt consolidation.url (ID = 130677)
3:21 PM: health insurance.url (ID = 130674)
3:21 PM: personal loans online.url (ID = 130688)
3:21 PM: payroll advance.url (ID = 130687)
3:21 PM: marketing email.url (ID = 130679)
3:21 PM: prescription drugs rx online.url (ID = 130690)
3:21 PM: credit report.url (ID = 130669)
3:21 PM: tahoe vacation rental.url (ID = 130692)
3:21 PM: escorts.url (ID = 130672)
3:21 PM: order phentermine.url (ID = 130686)
3:21 PM: mortgage insurance.url (ID = 130680)
3:21 PM: personal loans with bad credit.url (ID = 130689)
3:21 PM: crm software.url (ID = 130670)
3:21 PM: nevada corporations.url (ID = 130682)
3:21 PM: unsecured bad credit loans.url (ID = 130693)
3:21 PM: loan for people with bad credit.url (ID = 130678)
3:21 PM: broadband comparison.url (ID = 130667)
3:21 PM: online betting site.url (ID = 130683)
3:21 PM: online instant loan.url (ID = 130685)
3:21 PM: flash.ini (ID = 147247)
3:21 PM: activate.dat (ID = 114890)
3:22 PM: up.dat (ID = 114916)
3:22 PM: winfixer 2005 on the web.lnk (ID = 154487)
3:22 PM: contact customer support.lnk (ID = 158828)
3:22 PM: azesearch.inf (ID = 50329)
3:22 PM: pz5pv351vm1gsrh5yk.vbs (ID = 185675)
3:22 PM: clientupdater.bat (ID = 212353)
3:22 PM: vcclient.exe.config (ID = 212358)
3:22 PM: Found System Monitor: potentially rootkit-masked files
3:22 PM: dvdkernl.sys (ID = 0)
3:22 PM: dvd4free.dll (ID = 0)
3:22 PM: Found Trojan Horse: trojan downloader matcash

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 March 2006 - 04:21 PM

I suggest you do this:

Please do not delete anything unless instructed to.

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - _{94002F46-B5D9-B35B-A1F8-E33BF70175C1} - (no file)
O4 - HKLM\..\Run: [msdbqklA] C:\WINDOWS\msdbqklA.exe
O4 - HKLM\..\Run: [win320938-18690638] C:\WINDOWS\win320938-18690638.exe
O4 - HKCU\..\Run: [Wuot] "C:\WINDOWS\system32\CROSOF~1\msconfig.exe" -vt mt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O20 - Winlogon Notify: winszd32 - C:\WINDOWS\SYSTEM32\winszd32.dll

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\WINDOWS\msdbqklA.exe
C:\WINDOWS\win320938-18690638.exe
C:\WINDOWS\SYSTEM32\winszd32.dll
C:\Program Files\Network Monitor\netmon.exe


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
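As an added example (not part of this thread, and not a feature of HijackThis itself), the Python script below encodes the reasoning behind the entries LDTate asked to have fixed above: a Run key launching an .exe from the Windows root or from a short-named folder under system32, a Winlogon Notify package whose DLL is not visible on disk, an orphaned URLSearchHook, and a service with no owner and no file. The rules and the Finding/triage_line/triage names are my own assumptions; the sample lines are copied from the two logs posted in this thread.

```python
"""Heuristic triage of HijackThis log lines (added example, not from the thread).

The rules and names here are constructed for illustration; the two sample logs
are copied from the logs posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O4 - HKLM\..\Run: [name] command": section tag, then the rest of the line.
LINE_RE = re.compile(r"^(?P<tag>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First Windows path: a quoted path (may contain spaces) or an unquoted one
# (which stops at the first space; enough for the C:\WINDOWS checks below).
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
# An .exe sitting directly in the Windows root, e.g. C:\WINDOWS\msdbqklA.exe.
WIN_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
# An 8.3 short-named subfolder directly under system32, e.g. system32\CROSOF~1\,
# the kind of lookalike folder used to hide a renamed loader.
SYS32_SHORT_RE = re.compile(r"\\system32\\[^\\]*~\d+\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high": fix it; "review": confirm the owning product first
    line: str
    reason: str


def first_path(body: str) -> str:
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else ""


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules to one log line; None when nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.group("tag"), m.group("body")
    path = first_path(body)
    if tag == "O4":  # auto-start (Run key) entries
        if WIN_ROOT_RE.match(path):
            return Finding("high", line, "Run entry launches from the Windows root directory")
        if SYS32_SHORT_RE.search(path):
            return Finding("high", line, "Run entry launches from a short-named subfolder of system32")
    elif tag == "R3" and "(no name)" in body and "(no file)" in body:
        return Finding("review", line, "orphaned URLSearchHook with no name and no file")
    elif tag == "O20":  # Winlogon Notify packages load into winlogon.exe at logon
        if "(file missing)" in body:
            return Finding("high", line, "Winlogon Notify package registered but its DLL is not visible")
        return Finding("review", line, "Winlogon Notify package: confirm which product owns the DLL")
    elif tag == "O23" and "Unknown owner" in body and "(file missing)" in body:
        return Finding("review", line, "service with no owner and no file on disk")
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


# Constructed sample: the entries the helper asked to be fixed in the first log.
INFECTED_SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - _{94002F46-B5D9-B35B-A1F8-E33BF70175C1} - (no file)
O4 - HKLM\..\Run: [msdbqklA] C:\WINDOWS\msdbqklA.exe
O4 - HKLM\..\Run: [win320938-18690638] C:\WINDOWS\win320938-18690638.exe
O4 - HKCU\..\Run: [Wuot] "C:\WINDOWS\system32\CROSOF~1\msconfig.exe" -vt mt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O20 - Winlogon Notify: winszd32 - C:\WINDOWS\SYSTEM32\winszd32.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Constructed sample: a few lines from the second, clean log.
CLEAN_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for name, sample in (("infected", INFECTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(f"== {name} ==")
        for f in triage(sample):
            print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

"Review" items are prompts for a human, not verdicts: on the second log only the two Notify packages and the Brother service come up for review, and that is the log LDTate called good.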

 


#7 rebelbassfishr

rebelbassfishr

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 19 March 2006 - 09:32 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:27:38 AM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\William\Desktop\New Folder (2)\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Everything seems to be in working order... thank you once again.

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 March 2006 - 02:13 PM

Good Job :thumbup:

Use Add/Remove Programs and remove Ewido and Spy Sweeper unless you want to keep them. They are only 14-day trial versions.


Log looks good :D :thumbup: How is it running? Any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these three programs I would recommend that you get them: Spywareblaster, Spywareguard and IESPY AD. They will add thousands of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and antivirus to protect your system.

Keep your system up to date and run Adaware & Spybot (once a week works), and hopefully you will be OK from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein



#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 March 2006 - 09:22 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
