winfixer removal [RESOLVED]



#1
bronco7447

Thanks for the reply, I've followed the steps, please advise.

Logfile of HijackThis v1.99.1
Scan saved at 8:07:44 PM, on 9/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMT9AA.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchFilter.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {9BDFAA3F-66A7-6A2E-DA29-3FE67A8E5A9A} - C:\WINDOWS\system32\flk.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [Cqdfttw] C:\WINDOWS\system32\?hkdsk.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?987488b43f314f4f9fef7f8f277c66af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?987488b43f314f4f9fef7f8f277c66af
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ac...r1154041105.EXE
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING11.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.c...8/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127315171156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:50:41 PM, 9/27/2005
+ Report-Checksum: 81B813FE

+ Scan result:

HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5901 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5916 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6585 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6592 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6598 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6603 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6685 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6732 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6743 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6744 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6763 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6790 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_5351 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_5353 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_5388 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6056 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6064 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6122 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6445 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6481 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6485 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6551 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_6729 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_7377 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_7378 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_7379 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_7380 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_7383 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_5610 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_5805 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_6051 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_6114 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_6219 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_6495 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_6560 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_7003 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5731 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6044 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6055 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6474 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6689 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6726 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6786 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6977 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6998 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5490 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5494 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5615 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5628 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5631 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5653 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5664 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5697 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5701 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5702 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5711 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5742 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5770 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5841 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5863 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5893 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5897 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5973 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6333 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6471 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6473 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6478 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6479 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6480 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6482 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6488 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6490 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6491 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6492 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6493 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6500 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6502 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6507 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6508 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6513 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6532 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6538 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6543 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6572 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6585 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6598 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6603 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6732 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6744 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_7759 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_5308 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_5866 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_5942 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_6122 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_6551 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_3\Level_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6118 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6464 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6757 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6774 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6805 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6831 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-751292547-2331278562-1263454636-1003\Software\Cydoor\Adwr_329\Loct_4�
  • 0


#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi bronco7447 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.
  • Click on My Controls at the top right hand corner of the window.
  • In the left hand column, click "View Topics"
  • If you click on the title of your post, you will be taken there
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here. Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (A Notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
bronco7447

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:52:10 AM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchFilter.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {9BDFAA3F-66A7-6A2E-DA29-3FE67A8E5A9A} - C:\WINDOWS\system32\flk.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [Cqdfttw] C:\WINDOWS\system32\?hkdsk.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?987488b43f314f4f9fef7f8f277c66af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?987488b43f314f4f9fef7f8f277c66af
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ac...r1154041105.EXE
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING11.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.c...8/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127315171156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

Thanks for the help, Trevuren, here is my reply and new HJT
  • 0
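The log format posted above can be split into fields mechanically before anyone decides what to fix. The following Python parser is an added example, not part of the original thread and not HijackThis code; the field layout is inferred from the lines of this log, the sample lines are copied from it, and the function names are this example's own.

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.c...8/installer.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section code> - <rest>"; headers and the process list do not match.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# A quoted path, or an unquoted one ending at the first .exe/.dll/.com/.bat
# that is followed by a space, a comma or the end of the line. The lookahead
# keeps "mcafee.com\agent" from being cut at ".com".
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat))(?=[\s,]|$)', re.I)


def image_path(cmd):
    """Return the file a command line loads, without its arguments."""
    cmd = cmd.strip()
    m = IMAGE.match(cmd)
    if not m:
        return cmd
    exe = m.group(1) or m.group(2)
    rest = cmd[m.end():].strip()
    if exe.lower().endswith("rundll32.exe") and rest:
        return rest.split(",", 1)[0]  # the DLL that rundll32 is asked to load
    return exe


def parse_line(line):
    """Split one log line into section code, name, CLSID and target."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "raw": body, "name": None, "clsid": None, "target": None}
    if code == "O4":
        m4 = RUN.match(body) or STARTUP.match(body)
        if m4:
            entry["name"] = m4.group("name")
            entry["target"] = image_path(m4.group("cmd"))
    elif code in ("R0", "R1"):
        # "<registry key>,<value name> = <data>"
        entry["name"], _, entry["target"] = body.partition(" = ")
    else:
        # "<type>: <name> - {CLSID} - <file or URL>": the target is the last field.
        found = CLSID.search(body)
        entry["clsid"] = found.group(0).upper() if found else None
        entry["target"] = body.rsplit(" - ", 1)[-1]
    return entry


def triage(log_text):
    """Group a whole log for review; this sorts entries, it gives no verdict."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "by_section": Counter(e["code"] for e in entries),
        # The registry entry is still there but the file it names is not.
        "orphans": [e for e in entries if e["target"] == "(no file)"],
        # Everything launched at boot or logon, arguments stripped.
        "autostarts": [(e["name"], e["target"]) for e in entries if e["code"] == "O4"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_section"]))
    for e in report["orphans"]:
        print("orphan   ", e["code"], e["clsid"])
    for name, target in report["autostarts"]:
        print("autostart", name, "->", target)
```

The output is a reading aid for the person reviewing the log: which entries are worth removing still has to be decided entry by entry.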

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - {9BDFAA3F-66A7-6A2E-DA29-3FE67A8E5A9A} - C:\WINDOWS\system32\flk.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe"
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe"
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
    O4 - HKCU\..\Run: [Cqdfttw] C:\WINDOWS\system32\?hkdsk.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ac...r1154041105.EXE
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING11.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.c...8/installer.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
    C:\WINDOWS\system32\flk.dll
    C:\Program Files\Viewpoint<==Folder
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1<==Folder
    C:\Program Files\NaviSearch<===Folder
    C:\Documents and Settings\Owner\Application Data\wtta.exe
    C:\WINDOWS\system32\?hkdsk.exe


  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0

#5
bronco7447


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for your help, it seems to have worked. Thank you for working me through this.

Logfile of HijackThis v1.99.1
Scan saved at 2:50:40 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?987488b43f314f4f9fef7f8f277c66af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?987488b43f314f4f9fef7f8f277c66af
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127315171156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

winfixer removal. Here is my latest HJT log.
  • 0

#6
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
Your system has a very stubborn infection called a Peper infection. To get rid of it, please do the following:

1. Download this removal tool :
http://downloads.sub...rg/PeperFix.exe

- Start the tool and click Find and Fix.
- Reboot to finish removing what it found.
- Run the tool a second time to make certain it has completely removed Peper.

2. Reboot your computer again and post a new HijackThis log.

Regards,

Trevuren

  • 0

#7
bronco7447


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I received your e-mail regarding peper infection, ran the removal program twice and was told that there were no peper infections found. Please advise. Thanks!
  • 0

#8
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe

This represents your Peper infection. Here is another approach.

Your system has a Peper Infection

1. Download the Peper removal tool from HERE. Save it to your desktop.

2. You must be online to have this work and do not block any attempts for the program to connect to internet if your firewall asks permission.

2. Double click on 'uninst.exe', let it run and terminate.

3. REBOOT

4. It must be run a second time. It runs very quickly.

5. REBOOT

6. Run HijackThis and with all windows closed except for HJT, click SCAN, produce a LOG and POST it in this thread for review.


Regards,

Trevuren

  • 0

#9
bronco7447


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I've run the peper removal tool twice and rebooted the system twice, here is my latest HJT log. Thanks a million for helping me!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:12:10 PM, on 9/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchFilter.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?987488b43f314f4f9fef7f8f277c66af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?987488b43f314f4f9fef7f8f277c66af
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127315171156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
  • 0

#10
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\WINDOWS\system32\DjqIX.exe

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0
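Each round of this thread ends with a fresh scan to confirm that the flagged entries are gone. The following added example (not part of the original posts) scripts that check: it parses HijackThis entry lines and reports which flagged entries were removed, which persist, and which are new since the previous scan. The log excerpts are shortened from the logs posted in this thread, and the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # everything after "O4 - "


# Entry lines look like "O4 - HKLM\..\Run: [name] path". Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the R*/O* entries of a HijackThis log, in log order."""
    return [Entry(m.group(1), m.group(2))
            for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def entry_key(entry):
    # Windows paths and CLSIDs are case-insensitive and forum software may
    # change spacing, so compare a case-folded, whitespace-collapsed form.
    return (entry.section, " ".join(entry.body.split()).casefold())


def verify_fix(flagged_text, before_text, after_text):
    """Compare the helper's flagged entries against two consecutive scans."""
    flagged = {entry_key(e): e for e in parse_entries(flagged_text)}
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    return {
        # Flagged, seen in the earlier scan, absent from the later one.
        "removed": [e for k, e in flagged.items()
                    if k in before and k not in after],
        # Flagged and still listed: the fix did not take.
        "still_present": [e for k, e in flagged.items() if k in after],
        # Flagged but in neither scan (typo in the list, or wrong log).
        "not_in_either": [e for k, e in flagged.items()
                          if k not in before and k not in after],
        # Appeared between scans: worth a second look.
        "new": [e for k, e in after.items() if k not in before],
    }


# Items the helper asked to fix (copied from post #10).
FLAGGED = r"""
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
"""

# Shortened excerpts of the three logs posted on 9/28, 9/29 and 9/30.
LOG_0928 = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:50:40 PM, on 9/28/2005
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
"""

LOG_0929 = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:12:10 PM, on 9/29/2005
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\DjqIX.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
"""

LOG_0930 = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:42:30 AM, on 9/30/2005
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
"""

if __name__ == "__main__":
    rounds = [("9/28 -> 9/29 (after the removal tool)", LOG_0928, LOG_0929),
              ("9/29 -> 9/30 (after the manual fix)", LOG_0929, LOG_0930)]
    for label, before, after in rounds:
        print(label)
        for status, entries in verify_fix(FLAGGED, before, after).items():
            for e in entries:
                print(f"  {status}: {e.section} - {e.body}")
```

The MCUpdateExe path changes case between the 9/28 and 9/29 logs, which is why the comparison is case-insensitive; a case-sensitive diff would report it as a new startup entry.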

#11
bronco7447


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I've followed your instructions and attached a new HJT log. I see the two items in question are gone. Please advise, and again, Thank You!!!

Logfile of HijackThis v1.99.1
Scan saved at 9:42:30 AM, on 9/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/229?987488b43f314f4f9fef7f8f277c66af
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-us\msntabres.dll/230?987488b43f314f4f9fef7f8f277c66af
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127315171156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
  • 0

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren
  • 0

#13
bronco7447

    New Member

  • Topic Starter
  • Member
  • 8 posts
Everything seems to be running fine, OK and thanks!!
  • 0

#14
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0
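The hosts-file blocking described in the post above, as an added example that is not part of the original thread: a Python audit that separates hostnames sent to the local machine (blocked) from hostnames mapped to a real address, which a blocking hosts file should never contain. The sample file, the example.* names and the function names are constructed for illustration; treating 0.0.0.0 as blocked and letting the first mapping for a name win are assumptions that go beyond the 127.0.0.1 case in the post.

```python
import ipaddress

# Constructed sample: MVPS-style blocking entries plus one line that is not a block.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # blocked ad hosts
0.0.0.0     popups.example.org
203.0.113.7 update.example.com   # not loopback: resolves somewhere else
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Return (line_no, ip, hostname) for each valid mapping; skip comments and junk."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment, then tokenize
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        # One line may map several hostnames to the same address.
        entries.extend((line_no, ip, name.lower()) for name in fields[1:])
    return entries

def is_sinkhole(ip):
    """Loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) counts as blocked."""
    return ip.is_loopback or ip.is_unspecified

def audit(text):
    """Return (blocked hostnames, {hostname: (ip, line_no)} for real redirects)."""
    blocked, redirected, seen = set(), {}, set()
    for line_no, ip, name in parse_hosts(text):
        if name in seen:
            continue                            # assumption: first mapping wins
        seen.add(name)
        if is_sinkhole(ip):
            blocked.add(name)
        else:
            redirected[name] = (str(ip), line_no)
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit(SAMPLE_HOSTS)
    print(len(blocked), "hostnames blocked")
    for name, (ip, line_no) in sorted(redirected.items()):
        print(f"line {line_no}: {name} -> {ip} (review: not a blocking entry)")
```

Any hostname reported as redirected deserves a look, since a blocking hosts file only ever points names at the local machine.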

#15
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





