Messages - tzielinski

1
Tech Clinic / Slow and filled with Spyware
« on: April 25, 2005, 12:44:10 AM »
Hmmmm...I did everything you told me, and it doesn't seem to exist. :P
But everything else seems to be working properly, and with that I am hopefully posting my last Hijack log...YAY! :)

I would also like to thank you for your time and trouble. I really appreciate it! Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 1:40:24 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iO\web\bin\server.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tobiasz\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: iOWebServer.lnk = C:\Program Files\iO\web\bin\server.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

2
Tech Clinic / Slow and filled with Spyware
« on: April 24, 2005, 11:41:20 PM »
Hmmm....I couldn't find the file c:\d25c119d.hta. Everything else went flawlessly.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:16 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ltmsg.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iO\web\bin\server.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tobiasz\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: iOWebServer.lnk = C:\Program Files\iO\web\bin\server.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe








"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"Steam" = "C:\Program Files\Steam\Steam.exe -silent" ["Valve Corporation"]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"LTWinModem1" = "ltmsg.exe 9" ["LUCENT TECHNOLOGIES"]
"AHQInit" = "C:\Program Files\Creative\SBLive\Program\AHQInit.exe" ["Creative Technology Ltd"]
"MoneyStartUp10.0" = ""C:\Program Files\Microsoft Money\System\Activation.exe"" [MS]
"NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" ["Symantec Corporation"]
"AdaptecDirectCD" = ""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"Dell|Alert" = "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [empty string]
"IMJPMIG8.1" = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" [MS]
"IMEKRMIG6.1" = "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [MS]
"MSPY2002" = "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"POINTER" = "point32.exe" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Optimum Online" = "C:\Program Files\Optimum Online\Netsurf.exe -tray" ["Netsurfer, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"imjpmig" = "C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload" [MS]
"mmtask" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ["TODO: <Company name>"]
"DeadAIM" = "rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs" [MS]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["
Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                                       \StubPath   = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Share-to-Web Upload Folder"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}" = "The Core Media Player Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL" [null data]
"{C14F7681-33D8-11D3-A09B-00500402F30B}" = "iO"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iO\iomenu.dll" [empty string]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is enabled.

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "Security"
"Source" = "C:\WINDOWS\Web\desktop.html"
"SubscribedURL" = "C:\WINDOWS\Web\desktop.html"


Startup items in "Tobiasz" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Tobiasz\Start Menu\Programs\Startup
"iOWebServer" -> shortcut to: "C:\Program Files\iO\web\bin\server.exe" ["Sambar Technologies"]
"Webshots" -> shortcut to: "C:\Program Files\Webshots\Launcher.exe  /t" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"America Online 8.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 8.0\aoltray.exe -check" [file not found]
"AOL Companion" -> shortcut to: "C:\Program Files\AOL Companion\companion.exe /s" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Enabled Scheduled Tasks:
------------------------

"ISP signup reminder 3" -> launches: "C:\WINDOWS\System32\OOBE\OOBEBALN.EXE /sys /i /n:3" [MS]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
  -> {CLSID}\(Default) = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\
  -> {CLSID}\(Default) = "Real.com"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\
(Default) = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


HOSTS file
----------

C:\WINDOWS\SYSTEM32\Drivers\Etc\HOSTS

maps: 2 domain names to IP addresses,
      1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SAP Agent, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

3
Tech Clinic / Slow and filled with Spyware
« on: April 24, 2005, 07:27:50 PM »
Sorry, but the other post cut off the scandump.txt

Scan Control Dumped @ 20:14:23 24-04-05
(DELETED) Positive identification: TrojanDownloader.Win32.CWS.k
  File: c:\6ecb2699.exe

Suspicious Filename: HTA file in suspicious location
  File: c:\d25c119d.hta

Suspicious Filename: Dual extensions
  File: c:\cygwin\bin\dumpgdbm-1.5.2.exe

Suspicious Filename: Dual extensions
  File: c:\cygwin\bin\gawk-3.1.4.exe

Suspicious Filename: Dual extensions
  File: c:\cygwin\bin\loadgdbm-1.5.2.exe

Suspicious Filename: Dual extensions
  File: c:\cygwin\bin\perl5.8.6.exe

Suspicious Filename: Dual extensions
  File: c:\cygwin\bin\pgawk-3.1.4.exe

(DELETED) Positive identification: Adware.Wintol.g
  File: c:\documents and settings\mariola\local settings\temp\~321395.tmp

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106456.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106458.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106460.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106461.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106461.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106463.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106465.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106466.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106466.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106468.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106470.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106471.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106471.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106473.exe

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106475.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106475.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106477.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106479.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106480.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106480.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106482.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106484.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106485.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106485.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106487.exe

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106489.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106489.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106491.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106493.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106494.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106494.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106496.exe

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106498.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106498.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106500.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106503.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106504.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106504.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106506.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106508.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106509.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106509.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106511.exe

(DELETED) Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106513.dll

(DELETED) Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106514.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i2
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106514.exe

(DELETED) Positive identification: Trojan.Win32.WebSearch.i3
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106516.exe

(DELETED) Positive identification: Trojan.Win32.TopAntiSpyware.i
  File: c:\system volume information\_restore{31414675-6cbe-4639-8f67-8c2e395d7683}\rp827\a0106518.exe

(DELETED) Positive identification (DLL): TrojanDownloader.Win32.Agent.kf1 (dll)
  File: c:\windows\wldr.dll

(DELETED) Positive identification (DLL): TrojanDownloader.Win32.Small.aoa (dll)
  File: c:\windows\system32\srdrv32.dll

(DELETED) Positive identification (DLL): Trojan.Win32.TopAntiSpyware.i (dll)
  File: c:\windows\system32\srpcsrv32.dll

(DELETED) Positive identification (DLL): TrojanDownloader.Win32.Small.aoa (dll)
  File: c:\windows\system32\srvc32.dll

(DELETED) Positive identification (DLL): Trojan.Win32.TopAntiSpyware.i (dll)
  File: c:\windows\system32\txfdb32.dll

(DELETED) Positive identification (DLL): TrojanDownloader.Win32.Agent.kf1 (dll)
  File: c:\windows\system32\wldr.dll

(DELETED) Positive identification: TrojanDropper.Win32.Small.uy
  File: c:\windows\system32\x.exe

(DELETED) Positive identification (DLL): Adware.WildTangent.b (dll)
  File: c:\windows\wt\wtvh.dll

4
Tech Clinic / Slow and filled with Spyware
« on: April 24, 2005, 07:25:11 PM »
ok...I did all of the following.
Here is the Hijack log.


Logfile of HijackThis v1.99.1
Scan saved at 8:19:16 PM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ltmsg.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iO\web\bin\server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tobiasz\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: iOWebServer.lnk = C:\Program Files\iO\web\bin\server.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

5
Tech Clinic / Slow and filled with Spyware
« on: April 23, 2005, 09:58:29 PM »
Ok, the only problem I encountered is that I couldn't find the file C:\WINDOWS\System32\srvc32.exe; it looked like C:\WINDOWS\System32\srvc32.dll. So I didn't delete it. Thanks a lot for the help.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:31 PM, on 4/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ltmsg.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iO\web\bin\server.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Tobiasz\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: iOWebServer.lnk = C:\Program Files\iO\web\bin\server.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

6
Tech Clinic / Slow and filled with Spyware
« on: April 22, 2005, 07:19:59 PM »
Hey guys. Recently my computer has been running slower than usual, and I have had to start it in safe mode in order to get anything working properly, because otherwise it works so slow. I ran Hijack in safe mode, so I don't know if that's going to be a problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:15:57 PM, on 4/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{10FFEA75-5728-4D8E-8BB4-2C66BABC7191}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{10FFEA75-5728-4D8E-8BB4-2C66BABC7191}\SECURITY.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
