
plz help computer running real slow [RESOLVED]


  • This topic is locked

#1
ballistic69

    Member
  • 17 posts
I've tried all the software you guys recommended and found spyware with Ad-Aware, but it's still slow. Right. Just ran the anti-virus and found nothing. Pages won't even load in Internet Explorer; they just say not responding or just take a real long time. When I open up a folder, including the My Computer folder, it has the search-a-folder icon for a while, then it will open up. I have a HijackThis log and as soon as you want I will post it. Thanks for the help.

Later, Eric

I have Road Runner and a Dell computer with a Pentium 4 3.0 GHz. Hope this helps for now.

Edited by ballistic69, 07 March 2006 - 09:40 PM.



#2
williesbest2

    Visiting Staff
  • 892 posts
Hi ballistic69, I will be helping you with your computer today. Please give me a little while to get an idea what may be causing this system. I will post back with instructions as soon as possible.

#3
williesbest2

    Visiting Staff
  • 892 posts
You said that you have a HijackThis log. To post the log open the log and click Edit>Select all and reply in this thread.

#4
ballistic69

    Member
  • Topic Starter
  • 17 posts
OK, thanks for your help. Hope I'm not too late, but here is my log from today when I started up the computer.

Logfile of HijackThis v1.99.1
Scan saved at 1:19:12 PM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1110862625\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1110862625\ee\aolssc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mario\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1110862625\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: palstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106798635796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136953209875
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak04.picture...US.9.1.6.20.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



thanks for your help laters

#5
williesbest2

    Visiting Staff
  • 892 posts
Please do the following scan

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#6
ballistic69

    Member
  • Topic Starter
  • 17 posts
Incident Status Location

Adware:adware program Not disinfected C:\WINDOWS\ss3unstl.exe
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Potentially unwanted tool:application/winantispyware2006 Not disinfected HKEY_CURRENT_USER\SOFTWARE\WINANTISPYWARE 2006 SCANNER
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\mario\Cookies\mario@2o7[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\mario\Cookies\mario@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\mario\Cookies\mario@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\mario\Cookies\mario@apmebf[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\mario\Cookies\mario@burstnet[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\mario\Cookies\mario@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\mario\Cookies\mario@com[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\mario\Cookies\mario@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\mario\Cookies\mario@questionmarket[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\mario\Cookies\mario@statcounter[1].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\mario\Cookies\mario@teensforcash[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\mario\Cookies\mario@trafficmp[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\mario\Cookies\mario@webpower[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\mario\Cookies\mario@2o7[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\mario\Cookies\mario@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\mario\Cookies\mario@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\mario\Cookies\mario@apmebf[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\mario\Cookies\mario@burstnet[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\mario\Cookies\mario@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\mario\Cookies\mario@com[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\mario\Cookies\mario@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\mario\Cookies\mario@questionmarket[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\mario\Cookies\mario@statcounter[1].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\mario\Cookies\mario@teensforcash[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\mario\Cookies\mario@trafficmp[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\mario\Cookies\mario@webpower[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\mario\Cookies\[email protected][1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@atdmt[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@banner[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@burstnet[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@ccbill[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@entrepreneur[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@go[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@hitbox[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@linksynergy[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@serving-sys[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@sextracker[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@target[2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@teensforcash[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@trafficmp[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@valueclick[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@winfixer[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ramiro ramirez\Cookies\ramiro ramirez@zedo[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ramiro ramirez\Local Settings\Temp\Cookies\ramiro [email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\ramiro ramirez\Local Settings\Temp\Cookies\ramiro [email protected][1].txt
OK, there it is. So should I get the program and disinfect everything?

#7
williesbest2

    Visiting Staff
  • 892 posts
Hi ballistic69, you do not have to purchase the program to disinfect anything; that was just used to see what kind of stuff was on your computer. Please follow the following directions:

1. Fix in HijackThis
Please re-open HijackThis and put a check next to each of the following entries

O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

Then click Fix Checked and close HijackThis

2. Spy Sweeper
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0
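
One way to confirm that the entries checked in step 1 are really gone is to diff the HijackThis logs taken before and after the fix. The Python below is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical, and the two sample logs are constructed by abridging the logs posted in this thread.

```python
import re
from collections import Counter

# Constructed sample input: abridged from the two HijackThis logs posted in
# this thread (before and after the fix), keeping a few lines of each kind.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# The entries the helper asked to have checked and fixed (step 1 above).
CHECKED = r"""O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " - ". Header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return a Counter of (section code, entry text); duplicates are counted."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[(match.group(1), match.group(2).strip())] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists, keeping duplicate lines."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


def unfixed(checked_text, after_text):
    """Return the checked entries that still appear in the follow-up log."""
    after = parse_entries(after_text)
    return sorted(e for e in parse_entries(checked_text) if after[e] > 0)


def hosts_entries(log_text):
    """Return (ip, hostname) for every O1 hosts-file redirection in the log."""
    found = []
    for (code, body), count in parse_entries(log_text).items():
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2:
                found.extend([(fields[0], fields[1])] * count)
    return found


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print(f"- {code} - {body}")
    for code, body in added:
        print(f"+ {code} - {body}")
    left = unfixed(CHECKED, AFTER)
    print("Checked entries still present:", left if left else "none")
```

Entries listed as added deserve the same review as the original ones; in the sample they first appear in the log taken after Spy Sweeper was installed.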

#8
ballistic69

    Member
  • Topic Starter
  • 17 posts
OK, all done. Here is my HijackThis log after I checked the two that you said and restarted, and the Spy Sweeper log.



Logfile of HijackThis v1.99.1
Scan saved at 9:25:28 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1110862625\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\common files\aol\1110862625\ee\ComputerCheckup.exe
C:\Documents and Settings\mario\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1110862625\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: palstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106798635796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136953209875
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak04.picture...US.9.1.6.20.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1110862625\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe










********
8:32 PM: | Start of Session, Monday, March 13, 2006 |
8:32 PM: Spy Sweeper started
8:32 PM: Sweep initiated using definitions version 632
8:32 PM: Starting Memory Sweep
8:37 PM: Memory Sweep Complete, Elapsed Time: 00:04:18
8:37 PM: Starting Registry Sweep
8:37 PM: Found Adware: netratings
8:37 PM: HKCR\clsid\{92ca8acc-4e99-4a2a-93f1-b2c5cadc8613}\ (18 subtraces) (ID = 135917)
8:37 PM: HKCR\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (3 subtraces) (ID = 135918)
8:37 PM: HKCR\nminstall.nminstallctrl.1\ (3 subtraces) (ID = 135919)
8:37 PM: HKLM\software\classes\clsid\{92ca8acc-4e99-4a2a-93f1-b2c5cadc8613}\ (18 subtraces) (ID = 135921)
8:37 PM: HKLM\software\classes\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (3 subtraces) (ID = 135922)
8:37 PM: HKLM\software\classes\nminstall.nminstallctrl.1\ (3 subtraces) (ID = 135923)
8:37 PM: HKLM\software\classes\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (9 subtraces) (ID = 135925)
8:37 PM: HKCR\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (9 subtraces) (ID = 135929)
8:37 PM: Found Adware: screensavers
8:37 PM: HKLM\software\screensavers.com\ (ID = 140569)
8:37 PM: Found Adware: startnow
8:37 PM: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\common files\hyperbar\ (ID = 142609)
8:37 PM: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\ (ID = 142610)
8:37 PM: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\navigation helper\ (ID = 142611)
8:37 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{ede0985b-d652-4573-a89e-803cb2597247}\ (24 subtraces) (ID = 142617)
8:37 PM: Found System Monitor: ultraview plus
8:37 PM: HKLM\software\classes\appid\director.exe\ (1 subtraces) (ID = 1191157)
8:37 PM: HKLM\software\classes\appid\director.exe\ || appid (ID = 1191158)
8:37 PM: Found Adware: mypoints
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\internet explorer\menuext\mypoints\ (2 subtraces) (ID = 135491)
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\internet explorer\extensions\{67b50696-04ba-48ea-a697-28aa0eaa9c26}\ (6 subtraces) (ID = 135492)
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\installer\features\b5890ede256d37548ae908c32b952774\ (2 subtraces) (ID = 142595)
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\installer\products\b5890ede256d37548ae908c32b952774\ (17 subtraces) (ID = 142596)
8:37 PM: Found Adware: startnow startnow hijack
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\internet explorer\search\ || local page (ID = 142622)
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\internet explorer\search\ || searchassistant (ID = 142626)
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\microsoft\internet explorer\search\ || customizesearch (ID = 142627)
8:37 PM: Found Adware: winantispyware 2005
8:37 PM: HKU\S-1-5-21-665158067-3309646750-647358578-1007\software\winantispyware 2006 scanner\ (21 subtraces) (ID = 1145919)
8:37 PM: HKU\WRSS_Profile_S-1-5-21-665158067-3309646750-647358578-1006\software\microsoft\internet explorer\menuext\mypoints\ (2 subtraces) (ID = 135491)
8:37 PM: HKU\WRSS_Profile_S-1-5-21-665158067-3309646750-647358578-1006\software\microsoft\internet explorer\extensions\{67b50696-04ba-48ea-a697-28aa0eaa9c26}\ (6 subtraces) (ID = 135492)
8:37 PM: HKU\WRSS_Profile_S-1-5-21-665158067-3309646750-647358578-1006\software\igor v. gunko\ (ID = 142591)
8:37 PM: Registry Sweep Complete, Elapsed Time:00:00:20
8:37 PM: Starting Cookie Sweep
8:37 PM: Found Spy Cookie: 2o7.net cookie
8:37 PM: mario@2o7[1].txt (ID = 1957)
8:37 PM: Found Spy Cookie: yieldmanager cookie
8:37 PM: [email protected][2].txt (ID = 3751)
8:37 PM: Found Spy Cookie: adknowledge cookie
8:37 PM: mario@adknowledge[1].txt (ID = 2072)
8:37 PM: Found Spy Cookie: specificclick.com cookie
8:37 PM: [email protected][2].txt (ID = 3400)
8:37 PM: Found Spy Cookie: addynamix cookie
8:37 PM: [email protected][2].txt (ID = 2062)
8:37 PM: Found Spy Cookie: adtech cookie
8:37 PM: mario@adtech[2].txt (ID = 2155)
8:37 PM: Found Spy Cookie: adultfriendfinder cookie
8:37 PM: mario@adultfriendfinder[2].txt (ID = 2165)
8:37 PM: Found Spy Cookie: apmebf cookie
8:37 PM: mario@apmebf[2].txt (ID = 2229)
8:37 PM: Found Spy Cookie: falkag cookie
8:37 PM: [email protected][1].txt (ID = 2650)
8:37 PM: Found Spy Cookie: atwola cookie
8:37 PM: mario@atwola[1].txt (ID = 2255)
8:37 PM: Found Spy Cookie: belnk cookie
8:37 PM: mario@belnk[1].txt (ID = 2292)
8:37 PM: Found Spy Cookie: bizrate cookie
8:37 PM: mario@bizrate[1].txt (ID = 2308)
8:37 PM: Found Spy Cookie: burstnet cookie
8:37 PM: mario@burstnet[2].txt (ID = 2336)
8:37 PM: Found Spy Cookie: barelylegal cookie
8:37 PM: [email protected][1].txt (ID = 2286)
8:37 PM: Found Spy Cookie: casalemedia cookie
8:37 PM: mario@casalemedia[1].txt (ID = 2354)
8:37 PM: Found Spy Cookie: centrport net cookie
8:37 PM: mario@centrport[1].txt (ID = 2374)
8:37 PM: Found Spy Cookie: overture cookie
8:37 PM: [email protected][1].txt (ID = 3106)
8:37 PM: [email protected][2].txt (ID = 2293)
8:37 PM: Found Spy Cookie: ru4 cookie
8:37 PM: [email protected][1].txt (ID = 3269)
8:37 PM: Found Spy Cookie: humanclick cookie
8:37 PM: [email protected][1].txt (ID = 2810)
8:37 PM: Found Spy Cookie: ic-live cookie
8:37 PM: mario@ic-live[1].txt (ID = 2821)
8:37 PM: [email protected][1].txt (ID = 1958)
8:37 PM: Found Spy Cookie: nextag cookie
8:37 PM: mario@nextag[1].txt (ID = 5014)
8:37 PM: [email protected][1].txt (ID = 3106)
8:37 PM: Found Spy Cookie: qksrv cookie
8:37 PM: mario@qksrv[2].txt (ID = 3213)
8:37 PM: Found Spy Cookie: questionmarket cookie
8:37 PM: mario@questionmarket[1].txt (ID = 3217)
8:37 PM: Found Spy Cookie: affiliatefuel.com cookie
8:37 PM: [email protected][2].txt (ID = 2202)
8:37 PM: Found Spy Cookie: realmedia cookie
8:37 PM: mario@realmedia[2].txt (ID = 3235)
8:37 PM: Found Spy Cookie: valuead cookie
8:37 PM: [email protected][2].txt (ID = 3627)
8:37 PM: Found Spy Cookie: statcounter cookie
8:37 PM: mario@statcounter[1].txt (ID = 3447)
8:37 PM: Found Spy Cookie: tacoda cookie
8:37 PM: mario@tacoda[2].txt (ID = 6444)
8:37 PM: Found Spy Cookie: teensforcash cookie
8:37 PM: mario@teensforcash[1].txt (ID = 3509)
8:37 PM: Found Spy Cookie: trafficmp cookie
8:37 PM: mario@trafficmp[2].txt (ID = 3581)
8:37 PM: Found Spy Cookie: webpower cookie
8:37 PM: mario@webpower[1].txt (ID = 3660)
8:37 PM: [email protected][1].txt (ID = 2202)
8:37 PM: Found Spy Cookie: burstbeacon cookie
8:37 PM: [email protected][1].txt (ID = 2335)
8:37 PM: mario@yieldmanager[2].txt (ID = 3749)
8:37 PM: Found Spy Cookie: adserver cookie
8:37 PM: [email protected][1].txt (ID = 2142)
8:37 PM: Found Spy Cookie: zedo cookie
8:37 PM: mario@zedo[2].txt (ID = 3762)
8:37 PM: Found Spy Cookie: primaryads cookie
8:37 PM: ramiro [email protected][2].txt (ID = 3190)
8:37 PM: ramiro ramirez@2o7[2].txt (ID = 1957)
8:37 PM: Found Spy Cookie: websponsors cookie
8:37 PM: ramiro [email protected][1].txt (ID = 3665)
8:37 PM: ramiro [email protected][2].txt (ID = 3751)
8:37 PM: ramiro ramirez@adknowledge[1].txt (ID = 2072)
8:37 PM: Found Spy Cookie: hbmediapro cookie
8:37 PM: ramiro [email protected][2].txt (ID = 2768)
8:37 PM: ramiro [email protected][2].txt (ID = 3400)
8:37 PM: Found Spy Cookie: adprofile cookie
8:37 PM: ramiro ramirez@adprofile[1].txt (ID = 2084)
8:37 PM: ramiro [email protected][2].txt (ID = 2062)
8:37 PM: Found Spy Cookie: cc214142 cookie
8:37 PM: ramiro [email protected][1].txt (ID = 2367)
8:37 PM: ramiro ramirez@adultfriendfinder[2].txt (ID = 2165)
8:37 PM: Found Spy Cookie: advertising cookie
8:37 PM: ramiro ramirez@advertising[2].txt (ID = 2175)
8:37 PM: Found Spy Cookie: go.com cookie
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: Found Spy Cookie: ask cookie
8:37 PM: ramiro ramirez@ask[2].txt (ID = 2245)
8:37 PM: Found Spy Cookie: atlas dmt cookie
8:37 PM: ramiro ramirez@atdmt[1].txt (ID = 2253)
8:37 PM: ramiro ramirez@atwola[2].txt (ID = 2255)
8:37 PM: Found Spy Cookie: azjmp cookie
8:37 PM: ramiro ramirez@azjmp[2].txt (ID = 2270)
8:37 PM: Found Spy Cookie: banner cookie
8:37 PM: ramiro ramirez@banner[1].txt (ID = 2276)
8:37 PM: ramiro ramirez@bizrate[2].txt (ID = 2308)
8:37 PM: ramiro [email protected][1].txt (ID = 1958)
8:37 PM: Found Spy Cookie: bs.serving-sys cookie
8:37 PM: ramiro [email protected][1].txt (ID = 2330)
8:37 PM: ramiro ramirez@burstnet[2].txt (ID = 2336)
8:37 PM: ramiro [email protected][1].txt (ID = 2286)
8:37 PM: ramiro ramirez@casalemedia[1].txt (ID = 2354)
8:37 PM: Found Spy Cookie: ccbill cookie
8:37 PM: ramiro ramirez@ccbill[1].txt (ID = 2369)
8:37 PM: Found Spy Cookie: classmates cookie
8:37 PM: ramiro ramirez@classmates[2].txt (ID = 2384)
8:37 PM: Found Spy Cookie: coolsavings cookie
8:37 PM: ramiro ramirez@coolsavings[1].txt (ID = 2465)
8:37 PM: Found Spy Cookie: sextracker cookie
8:37 PM: ramiro [email protected][1].txt (ID = 3362)
8:37 PM: ramiro [email protected][1].txt (ID = 3362)
8:37 PM: ramiro [email protected][1].txt (ID = 3362)
8:37 PM: ramiro [email protected][1].txt (ID = 3362)
8:37 PM: ramiro [email protected][1].txt (ID = 3106)
8:37 PM: Found Spy Cookie: directtrack cookie
8:37 PM: ramiro ramirez@directtrack[1].txt (ID = 2527)
8:37 PM: ramiro [email protected][2].txt (ID = 2729)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro [email protected][2].txt (ID = 2729)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro [email protected][1].txt (ID = 3269)
8:37 PM: Found Spy Cookie: fastclick cookie
8:37 PM: ramiro ramirez@fastclick[2].txt (ID = 2651)
8:37 PM: ramiro ramirez@go[1].txt (ID = 2728)
8:37 PM: ramiro ramirez@go[2].txt (ID = 2728)
8:37 PM: Found Spy Cookie: homestore cookie
8:37 PM: ramiro ramirez@homestore[2].txt (ID = 2793)
8:37 PM: Found Spy Cookie: hotbar cookie
8:37 PM: ramiro ramirez@hotbar[2].txt (ID = 2797)
8:37 PM: Found Spy Cookie: screensavers.com cookie
8:37 PM: ramiro [email protected][1].txt (ID = 3298)
8:37 PM: ramiro ramirez@ic-live[1].txt (ID = 2821)
8:37 PM: Found Spy Cookie: imlive.com cookie
8:37 PM: ramiro ramirez@imlive[2].txt (ID = 2843)
8:37 PM: Found Spy Cookie: sb01 cookie
8:37 PM: ramiro [email protected][2].txt (ID = 3288)
8:37 PM: Found Spy Cookie: linksynergy cookie
8:37 PM: ramiro ramirez@linksynergy[2].txt (ID = 2926)
8:37 PM: Found Spy Cookie: maxserving cookie
8:37 PM: ramiro ramirez@maxserving[1].txt (ID = 2966)
8:37 PM: ramiro [email protected][1].txt (ID = 2652)
8:37 PM: Found Spy Cookie: mediaplex cookie
8:37 PM: ramiro ramirez@mediaplex[2].txt (ID = 6442)
8:37 PM: Found Spy Cookie: metareward.com cookie
8:37 PM: ramiro ramirez@metareward[1].txt (ID = 2990)
8:37 PM: ramiro ramirez@nextag[1].txt (ID = 5014)
8:37 PM: Found Spy Cookie: one-time-offer cookie
8:37 PM: ramiro ramirez@one-time-offer[2].txt (ID = 3095)
8:37 PM: ramiro [email protected][1].txt (ID = 1958)
8:37 PM: ramiro [email protected][1].txt (ID = 3106)
8:37 PM: Found Spy Cookie: play.pchlotto cookie
8:37 PM: ramiro [email protected][2].txt (ID = 3145)
8:37 PM: Found Spy Cookie: moviemonster cookie
8:37 PM: ramiro [email protected][1].txt (ID = 3011)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro ramirez@realmedia[2].txt (ID = 3235)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: Found Spy Cookie: pch cookie
8:37 PM: ramiro [email protected][2].txt (ID = 3124)
8:37 PM: ramiro ramirez@screensavers[1].txt (ID = 3297)
8:37 PM: Found Spy Cookie: server.iad.liveperson cookie
8:37 PM: ramiro [email protected][1].txt (ID = 3341)
8:37 PM: Found Spy Cookie: serving-sys cookie
8:37 PM: ramiro ramirez@serving-sys[2].txt (ID = 3343)
8:37 PM: Found Spy Cookie: servlet cookie
8:37 PM: ramiro ramirez@servlet[1].txt (ID = 3345)
8:37 PM: ramiro ramirez@servlet[2].txt (ID = 3345)
8:37 PM: ramiro ramirez@servlet[3].txt (ID = 3345)
8:37 PM: ramiro ramirez@sextracker[2].txt (ID = 3361)
8:37 PM: Found Spy Cookie: webtrendslive cookie
8:37 PM: ramiro [email protected][1].txt (ID = 3667)
8:37 PM: ramiro ramirez@teensforcash[1].txt (ID = 3509)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro ramirez@trafficmp[2].txt (ID = 3581)
8:37 PM: Found Spy Cookie: tripod cookie
8:37 PM: ramiro ramirez@tripod[1].txt (ID = 3591)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro [email protected][2].txt (ID = 2528)
8:37 PM: Found Spy Cookie: clickzs cookie
8:37 PM: ramiro [email protected][2].txt (ID = 2413)
8:37 PM: ramiro [email protected][1].txt (ID = 2202)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro [email protected][1].txt (ID = 2729)
8:37 PM: ramiro [email protected][1].txt (ID = 3124)
8:37 PM: ramiro [email protected][2].txt (ID = 3298)
8:37 PM: Found Spy Cookie: franklinsurveys cookie
8:37 PM: ramiro [email protected][2].txt (ID = 2689)
8:37 PM: Found Spy Cookie: xmatch cookie
8:37 PM: ramiro ramirez@xmatch[2].txt (ID = 3719)
8:37 PM: ramiro [email protected][1].txt (ID = 2142)
8:37 PM: ramiro ramirez@zedo[2].txt (ID = 3762)
8:37 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
8:37 PM: Starting File Sweep
8:37 PM: c:\documents and settings\ramiro ramirez\application data\hyperbar (1 subtraces) (ID = -2147480231)
8:37 PM: c:\documents and settings\all users\application data\hyperbar (1 subtraces) (ID = -2147480230)
8:37 PM: c:\program files\common files\hyperbar (ID = -2147480228)
8:38 PM: a0144273.sys (ID = 238540)
8:41 PM: a0104571.dll (ID = 242110)
8:44 PM: uwasfsd.sys (ID = 242115)
8:45 PM: a0104523.sys (ID = 238540)
8:49 PM: a0105315.exe (ID = 74759)
8:51 PM: a0118299.sys (ID = 134888)
8:51 PM: a0104561.exe (ID = 242108)
8:52 PM: Found Adware: sexfiles dialers
8:52 PM: dating.lnk (ID = 75396)
8:55 PM: a0104564.dll (ID = 242107)
8:57 PM: Found Adware: whenu savenow
8:57 PM: a0102885.exe (ID = 127141)
9:03 PM: nminstall.dll (ID = 70902)
9:03 PM: a0104562.exe (ID = 242111)
9:05 PM: a0104533.exe (ID = 238554)
9:12 PM: sinstaller.inf (ID = 74756)
9:12 PM: nminstall.inf (ID = 70907)
9:12 PM: Warning: Unhandled Archive Type
9:12 PM: Warning: Unhandled Archive Type
9:14 PM: Warning: Invalid Stream
9:15 PM: File Sweep Complete, Elapsed Time: 00:37:35
9:15 PM: Full Sweep has completed. Elapsed time 00:42:32
9:15 PM: Traces Found: 318
9:16 PM: Removal process initiated
9:17 PM: Quarantining All Traces: ultraview plus
9:17 PM: Quarantining All Traces: startnow
9:17 PM: Quarantining All Traces: mypoints
9:17 PM: Quarantining All Traces: netratings
9:17 PM: Quarantining All Traces: screensavers
9:17 PM: Quarantining All Traces: sexfiles dialers
9:17 PM: Quarantining All Traces: startnow startnow hijack
9:17 PM: Quarantining All Traces: 2o7.net cookie
9:17 PM: Quarantining All Traces: addynamix cookie
9:17 PM: Quarantining All Traces: adknowledge cookie
9:17 PM: Quarantining All Traces: adprofile cookie
9:17 PM: Quarantining All Traces: adserver cookie
9:17 PM: Quarantining All Traces: adtech cookie
9:17 PM: Quarantining All Traces: adultfriendfinder cookie
9:17 PM: Quarantining All Traces: advertising cookie
9:17 PM: Quarantining All Traces: affiliatefuel.com cookie
9:17 PM: Quarantining All Traces: apmebf cookie
9:17 PM: Quarantining All Traces: ask cookie
9:17 PM: Quarantining All Traces: atlas dmt cookie
9:17 PM: Quarantining All Traces: atwola cookie
9:17 PM: Quarantining All Traces: azjmp cookie
9:17 PM: Quarantining All Traces: banner cookie
9:17 PM: Quarantining All Traces: barelylegal cookie
9:17 PM: Quarantining All Traces: belnk cookie
9:17 PM: Quarantining All Traces: bizrate cookie
9:17 PM: Quarantining All Traces: bs.serving-sys cookie
9:17 PM: Quarantining All Traces: burstbeacon cookie
9:17 PM: Quarantining All Traces: burstnet cookie
9:17 PM: Quarantining All Traces: casalemedia cookie
9:17 PM: Quarantining All Traces: cc214142 cookie
9:17 PM: Quarantining All Traces: ccbill cookie
9:17 PM: Quarantining All Traces: centrport net cookie
9:17 PM: Quarantining All Traces: classmates cookie
9:17 PM: Quarantining All Traces: clickzs cookie
9:17 PM: Quarantining All Traces: coolsavings cookie
9:17 PM: Quarantining All Traces: directtrack cookie
9:17 PM: Quarantining All Traces: falkag cookie
9:17 PM: Quarantining All Traces: fastclick cookie
9:17 PM: Quarantining All Traces: franklinsurveys cookie
9:17 PM: Quarantining All Traces: go.com cookie
9:17 PM: Quarantining All Traces: hbmediapro cookie
9:17 PM: Quarantining All Traces: homestore cookie
9:17 PM: Quarantining All Traces: hotbar cookie
9:17 PM: Quarantining All Traces: humanclick cookie
9:17 PM: Quarantining All Traces: ic-live cookie
9:17 PM: Quarantining All Traces: imlive.com cookie
9:17 PM: Quarantining All Traces: linksynergy cookie
9:17 PM: Quarantining All Traces: maxserving cookie
9:17 PM: Quarantining All Traces: mediaplex cookie
9:17 PM: Quarantining All Traces: metareward.com cookie
9:17 PM: Quarantining All Traces: moviemonster cookie
9:17 PM: Quarantining All Traces: nextag cookie
9:17 PM: Quarantining All Traces: one-time-offer cookie
9:17 PM: Quarantining All Traces: overture cookie
9:17 PM: Quarantining All Traces: pch cookie
9:17 PM: Quarantining All Traces: play.pchlotto cookie
9:17 PM: Quarantining All Traces: primaryads cookie
9:17 PM: Quarantining All Traces: qksrv cookie
9:17 PM: Quarantining All Traces: questionmarket cookie
9:17 PM: Quarantining All Traces: realmedia cookie
9:17 PM: Quarantining All Traces: ru4 cookie
9:17 PM: Quarantining All Traces: sb01 cookie
9:17 PM: Quarantining All Traces: screensavers.com cookie
9:17 PM: Quarantining All Traces: server.iad.liveperson cookie
9:17 PM: Quarantining All Traces: serving-sys cookie
9:17 PM: Quarantining All Traces: servlet cookie
9:17 PM: Quarantining All Traces: sextracker cookie
9:17 PM: Quarantining All Traces: specificclick.com cookie
9:17 PM: Quarantining All Traces: statcounter cookie
9:17 PM: Quarantining All Traces: tacoda cookie
9:17 PM: Quarantining All Traces: teensforcash cookie
9:17 PM: Quarantining All Traces: trafficmp cookie
9:17 PM: Quarantining All Traces: tripod cookie
9:17 PM: Quarantining All Traces: valuead cookie
9:17 PM: Quarantining All Traces: webpower cookie
9:17 PM: Quarantining All Traces: websponsors cookie
9:17 PM: Quarantining All Traces: webtrendslive cookie
9:17 PM: Quarantining All Traces: whenu savenow
9:17 PM: Quarantining All Traces: winantispyware 2005
9:17 PM: Quarantining All Traces: xmatch cookie
9:17 PM: Quarantining All Traces: yieldmanager cookie
9:17 PM: Quarantining All Traces: zedo cookie
9:18 PM: Removal process completed. Elapsed time 00:01:35
********
8:30 PM: | Start of Session, Monday, March 13, 2006 |
8:30 PM: Spy Sweeper started
8:30 PM: Your spyware definitions have been updated.
8:32 PM: | End of Session, Monday, March 13, 2006 |


thanks for helping me, talk later
bye

#9
williesbest2

    Visiting Staff

  • Member
  • 892 posts
Hi ballistic69, how is your computer running? Is Internet Explorer still not responding or taking a really long time to load?

1. Post Uninstall list
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#10
ballistic69

    Member

  • Topic Starter
  • Member
  • 17 posts
hey, thanks for your help, it seems to run a little better. 1 thing though, I can't seem to delete my way search assistant. I'm pretty sure it's malware. also my folders take a long time to load; when I click on one it takes a couple of seconds to open up. I constantly see the search a folder icon in the middle of the window. but internet explorer seems to run better thanks to your help. if you can help me with this other stuff it will be great, thanks a lot.

here is the stuff you requested

102 Dalmatians Activity Center
Ad-Aware SE Personal
Adobe Reader 7.0.7
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AVG Free Edition
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Support 5.0.0 (630)
Digital Line Detect
ewido anti-malware
FaxTools
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hoyle Kids' Games
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
JumpStart Kindergarten v2.4b
Learn2 Player (Uninstall Only)
LimeWire 4.10.3
Macromedia Flash Player 8
Macromedia Shockwave Player
Media Downloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Plus! Digital Media Edition Installer
Modem Helper
Mojo Jojo's Pet Project
MSN Messenger 7.5
Musicmatch for Windows Media Player
NetWaiting
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Paltalk Messenger
Paltalk Messenger
Paltalk Messenger Interop
Puppy Heaven
Pure Networks Port Magic
QuickTime
Reader Rabbit Preschool
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SonicStage 3.4
Spy Sweeper
TaxACT 2005
TaxACT California 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip
WordPerfect Office 12

later

#11
williesbest2

    Visiting Staff

  • Member
  • 892 posts
Hi ballistic69. I have a couple of questions for you, before I suggest anything.

1. Do you use Limewire?
2. Do you use Paltalk?
3. Have you defragged your computer? Defragging could be causing the folders to open up slowly. If you have not defragged, please follow the directions below.

How to defrag your hard drive
  • Click into My Computer
  • Right click your hard drive
  • Select Properties
  • Click on the Tools tab
  • Click defragment now
  • Let your hard drive defrag, this may take a while. You may need to restart your computer. If so, restart.
Please post an updated HijackThis log, along with the answers to the above questions.

#12
ballistic69

    Member

  • Topic Starter
  • Member
  • 17 posts
I do use LimeWire and Paltalk. the last time I defragged my computer was like a month or 2 ago

here is the HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 7:46:20 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mario\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: palstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106798635796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136953209875
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak04.picture...US.9.1.6.20.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#13
williesbest2

    Visiting Staff

Updating Java and Clearing Cache
  • Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Now please go to add/remove programs by clicking on Start>Control Panel>Add or Remove programs and find:

Java 2 Runtime Environment, SE v1.4.2_03 <- uninstall this

2. Boot into safe mode
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

3. Complete Uninstall list
Open HijackThis.
Click on "Open Misc Tools Section"
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections(Full)
  • List Empty Sections(Complete)
Click "Generate StartupList Log".
Click "Yes" at the prompt

It will produce a Notepad. Please go to File > Save As and save it on your desktop.

Reboot into normal windows and post the contents of the notepad.

#14
ballistic69

    Member

  • Topic Starter
StartupList report, 3/18/2006, 2:14:54 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\mario\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mario\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\mario\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk = ?
palstart.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
PCMService = "C:\Program Files\Dell\Media Experience\PCMService.exe"
HostManager = C:\Program Files\Common Files\AOL\1110862625\ee\AOLSoftware.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AOL Fast Start = "C:\Program Files\America Online 9.0\AOL.EXE" -b

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

[Setup]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*No subkeys found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\LOGON.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Scan for Viruses - My Computer (RAMIRO-ramiro ramirez).job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab31267.cab

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell....iler/SysPro.CAB

[ZoneUpwords Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Upwords.ocx
CODEBASE = http://messenger.zon...ds.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[MALPlaybackCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SMALPlaybackCtrl.ocx
CODEBASE = http://musicstore.co...ALStreaming.cab

[{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}]
CODEBASE = http://aolcc.aol.com...kup/qdiagcc.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1106798635796

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1136953209875

[{77E32299-629F-43C6-AB77-6A1E6D7663F6}]
CODEBASE = http://www.nick.com/.../GrooveAX27.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[{92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613}]
CODEBASE = http://a14.g.akamai....GAPANEL_USA.cab

[TLIEFlashObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLIEFlashCtrlU.dll
CODEBASE = https://echat.us.del...t/TLIEFlash.CAB

[cpbrkpie Control]
InProcServer32 = C:\WINDOWS\cpbrkpie.ocx
CODEBASE = http://a19.g.akamai....02/cpbrkpie.cab

[AOL YGP Screensaver]
InProcServer32 = C:\PROGRA~1\COMMON~1\AOL\SCREEN~1\YGPSCR~1.DLL
CODEBASE = http://pak04.picture...US.9.1.6.20.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[IWinAmpActiveX Class]
InProcServer32 = C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AmpX.dll
CODEBASE = http://cdn.digitalci....1.11_en_dl.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/...ro.cab33902.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}]
CODEBASE = http://ax.phobos.app.../ITDetector.cab

[{E5D419D6-A846-4514-9FAD-97E826C84822}]
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MSNChat45.ocx
CODEBASE = http://chat.msn.com/...s/msnchat45.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ICatch VI PC CAMERA: System32\Drivers\SPCA561.SYS (manual start)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: system32\DRIVERS\cmdide.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HSFHWBS2: system32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Motorola iDEN P2k Device: system32\DRIVERS\P2k.sys (manual start)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SSI: SYSTEM32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
Motorola USB Modem Driver: system32\DRIVERS\usbser.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 38,703 bytes
Report generated in 0.391 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




--- am I almost clean?
thanks for your help! later

#15
williesbest2

    Visiting Staff
Congratulations, your log is clean. Please read this entire post to keep from getting reinfected.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.