new comp with vista problems


cppgy330
Junior Member with 9 posts.
Join Date: Apr 2007
Experience: Beginner
03-Apr-2007, 12:47 AM #1
new comp with vista problems
ok im pretty sure this isnt the right place for this post but i didnt get a response in the security section...im assuming its because Smithfraud wont work..but here's the deal...any help is greatly appreciated:

ok so i just got this laptop with windows vista on it and i was checking myspace and a girl was friending me so i went there and it said i needed a download to view her profile (i know thats where it came from) but now i get the annoying warning sign in my tray saying to click on the balloon to fix the problem and i am also the only user on this computer so obviously i have administrative rights but when i try to install the HJT and Smithfraud it wont let me save in the c drive...this is all very confusing and frustrating please help me

here is the HJT log..it had some errors so can someone please help


An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.00.1904
MSIE version: 7.0.6000.16386
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

Logfile of HijackThis v1.99.1
Scan saved at 11:48:28 PM, on 4/2/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4295\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Michael\Desktop\HijackThis.exe
C:\Windows\System32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MT3705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4295\SiteAv.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0156751175570288) (0156751175570288mcinstcleanup) - Unknown owner - C:\Windows\TEMP\015675~1.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4295\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
dvk01
Moderator with 24,543 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
04-Apr-2007, 08:41 AM #2
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click Non-Microsoft
    • In the Win32 Services group click Non-Microsoft
    • In the Driver Services group click Non-Microsoft
    • In the Registry group click Non-Microsoft
    • In the Files Created Within group click 30 days. Make sure Non-Microsoft only is CHECKED.
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED.
    • In the File String Search group select Non-Microsoft
    • On the extra scans list press select all
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
Use the Reply button and attach the notepad file here. I will review it when it comes in.
__________________
Derek
Microsoft MVP/Windows - Security
For help with spyware or hijackers thespykiller

please help me by donating to help keep the Hedgehog Rescue Centre running
We Care about Animals and the Environment
cppgy330
Junior Member with 9 posts.
Join Date: Apr 2007
Experience: Beginner
04-Apr-2007, 06:46 PM #3
it had an error message saying that the list index was out of bonds (0)
cppgy330
Junior Member with 9 posts.
Join Date: Apr 2007
Experience: Beginner
04-Apr-2007, 06:46 PM #4
out of bounds (0) ***
dvk01
Moderator with 24,543 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Apr-2007, 02:59 AM #5
well I know this does work on vista & will normally clean this one up

none of the other tools we have seem to fully work on vista yet

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory Objects
    • Sweep Windows Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
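Once the Spy Sweeper session log and the fresh HijackThis log requested above are both available, they can be cross-checked mechanically. The following Python script is an added example, not part of any post in this thread: it parses HijackThis output and lists every entry that still points at a folder or CLSID the scanner flagged. The function names are hypothetical; the sample lines and the two indicators are copied from the logs posted later in this thread.

```python
"""Cross-check a HijackThis 1.99.1 log against locations a scanner already flagged."""
import re
from collections import defaultdict

# Indicators copied from the Spy Sweeper session log in this thread (the
# entries logged with "Found Trojan Horse: trojan-downloader-zlob").
FLAGGED_DIRS = [r"C:\Program Files\Video Access ActiveX Object"]
FLAGGED_CLSIDS = ["{84938242-5c5b-4a55-b6b9-a1507543b418}"]

# Constructed sample: a subset of lines copied from the second HijackThis log
# in this thread (the one taken after the Spy Sweeper removal pass).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Users\Michael\Desktop\HijackThis.exe

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"""

# HijackThis section codes that appear in this thread's logs.
SECTIONS = {"O2": "BHO", "O3": "Toolbar", "O4": "Run key", "O23": "Service"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cmd)(?![A-Za-z0-9])', re.IGNORECASE)


def parse_hijackthis(text):
    """Return one dict per running process and per R*/O* entry in the log."""
    entries = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process list
                in_processes = False
                continue
            entries.append({"section": "Running process", "clsid": None,
                            "path": line, "raw": line})
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, blank lines, anything that is not an entry
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)  # None for "(no file)" entries
        entries.append({
            "section": SECTIONS.get(match.group("code"), match.group("code")),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "raw": line,
        })
    return entries


def find_related(entries, flagged_dirs, flagged_clsids):
    """Group entries that sit under a flagged folder or carry a flagged CLSID.

    Matching is case-insensitive. Short 8.3 paths (C:\\PROGRA~1\\...) are not
    expanded, so a flagged folder referenced by its short name is not matched.
    """
    dirs = [d.lower().rstrip("\\") + "\\" for d in flagged_dirs]
    clsids = {c.lower() for c in flagged_clsids}
    hits = defaultdict(list)
    for entry in entries:
        reasons = []
        if entry["path"] and any(entry["path"].lower().startswith(d) for d in dirs):
            reasons.append("path under flagged folder")
        if entry["clsid"] and entry["clsid"].lower() in clsids:
            reasons.append("flagged CLSID")
        if reasons:
            hits[entry["section"]].append(
                (entry["path"] or "(no file)", ", ".join(reasons)))
    return dict(hits)


if __name__ == "__main__":
    found = find_related(parse_hijackthis(SAMPLE_LOG), FLAGGED_DIRS, FLAGGED_CLSIDS)
    for section, items in found.items():
        print(section)
        for path, reason in items:
            print(f"  {path}  [{reason}]")
```

On the sample, the toolbar entry matches by CLSID only, with its file already gone, while four running processes and one BHO still load from the flagged folder.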
JDonner
Member with 59 posts.
Join Date: Jun 2006
05-Apr-2007, 11:58 AM #6
Maybe someone trying to send you a file with the wrong intentions? Not all girls are actually girls online you know.
cppgy330
Junior Member with 9 posts.
Join Date: Apr 2007
Experience: Beginner
05-Apr-2007, 12:17 PM #7
oh believe me i know heh
cppgy330
Junior Member with 9 posts.
Join Date: Apr 2007
Experience: Beginner
05-Apr-2007, 01:15 PM #8
ok i did all that but im still gettin the fake alerts but it said it deleted that...also when i installed the spysweeper it asked if i wanted to do just the spysweeper or the spysweeper and antivirus..i just did the spysweeper since u didnt say anything about the antivirus...although i do have a 90 day mcafee w/ the comp that i installed..which isnt really helping anyway...

1:06 PM: Removal process completed. Elapsed time 00:00:35
1:06 PM: Quarantining All Traces: zedo cookie
1:06 PM: Quarantining All Traces: coremetrics cookie
1:06 PM: Quarantining All Traces: trafficmp cookie
1:06 PM: Quarantining All Traces: reliablestats cookie
1:06 PM: Quarantining All Traces: statcounter cookie
1:06 PM: Quarantining All Traces: specificclick.com cookie
1:06 PM: Quarantining All Traces: serving-sys cookie
1:06 PM: Quarantining All Traces: realmedia cookie
1:06 PM: Quarantining All Traces: overture cookie
1:06 PM: Quarantining All Traces: inet-traffic.com cookie
1:06 PM: Quarantining All Traces: clickzs cookie
1:06 PM: Quarantining All Traces: tribalfusion cookie
1:06 PM: Quarantining All Traces: sextracker cookie
1:06 PM: Quarantining All Traces: clickbank cookie
1:06 PM: Quarantining All Traces: casalemedia cookie
1:06 PM: Quarantining All Traces: bs.serving-sys cookie
1:06 PM: Quarantining All Traces: falkag cookie
1:06 PM: Quarantining All Traces: aptimus cookie
1:06 PM: Quarantining All Traces: tacoda cookie
1:06 PM: Quarantining All Traces: primaryads cookie
1:06 PM: Quarantining All Traces: pointroll cookie
1:06 PM: Quarantining All Traces: addynamix cookie
1:06 PM: Quarantining All Traces: adrevolver cookie
1:06 PM: Quarantining All Traces: yieldmanager cookie
1:06 PM: Quarantining All Traces: questionmarket cookie
1:06 PM: Quarantining All Traces: mediaplex cookie
1:06 PM: Quarantining All Traces: ru4 cookie
1:06 PM: Quarantining All Traces: atwola cookie
1:06 PM: Quarantining All Traces: atlas dmt cookie
1:06 PM: Quarantining All Traces: advertising cookie
1:06 PM: Quarantining All Traces: 2o7.net cookie
1:06 PM: Quarantining All Traces: coolwebsearch (cws)
1:06 PM: Quarantining All Traces: virusburst fakealert
1:06 PM: Quarantining All Traces: trojan-downloader-zlob
1:06 PM: Removal process initiated
1:05 PM: Traces Found: 57
1:05 PM: Custom Sweep has completed. Elapsed time 00:27:42
1:05 PM: File Sweep Complete, Elapsed Time: 00:21:20
1:01 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
12:56 PM: C:\Users\Michael\Favorites\Online Security Test.url (ID = 394048)
12:56 PM: Found Adware: virusburst fakealert
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_hgeher9nceh1rpx". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_ybrbi2kzrkytm15". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_pmsbky4zfjkgzib". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_nilwha7mpxjvsqv". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_kxuvjyxgs9e94ad". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_g8h4kb5tyf8hxqr". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_gbivaicbacvrmla". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_myeceuoi279te9k". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_twffvtqwprdrnc8". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_0n1mf3ajhokfqvs". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\serviceprofiles\localservice\appdata\local\temp\racb144.tmp ". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\temp\sqlite_zcys5ewu7xsze30". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\users\michael\appdata\local\google\google desktop\a0916f1fd6cc\dbdam". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\users\michael\appdata\local\google\google desktop\a0916f1fd6cc\dbeam". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\system32\config\system.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\system32\config\software.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\system32\config\security.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\system32\config\default.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\system32\config\components.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\serviceprofiles\networkservice\ntuser.dat.log2". The operation completed successfully
12:56 PM: Warning: Failed to open file "c:\windows\serviceprofiles\localservice\ntuser.dat.log2". The operation completed successfully
12:55 PM: Warning: Failed to open file "c:\users\michael\appdata\local\microsoft\windows\usrclass.dat.log2". The operation completed successfully
12:55 PM: Warning: Failed to open file "c:\users\michael\ntuser.dat.log2". The operation completed successfully
12:43 PM: Starting File Sweep
12:43 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@zedo[1].txt (ID = 3762)
12:43 PM: Found Spy Cookie: zedo cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@twci.coremetrics[1].txt (ID = 2472)
12:43 PM: Found Spy Cookie: coremetrics cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@tribalfusion[1].txt (ID = 3589)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@trafficmp[1].txt (ID = 3581)
12:43 PM: Found Spy Cookie: trafficmp cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@tacoda[1].txt (ID = 6444)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@stats1.reliablestats[2].txt (ID = 3254)
12:43 PM: Found Spy Cookie: reliablestats cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@statcounter[2].txt (ID = 3447)
12:43 PM: Found Spy Cookie: statcounter cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@specificclick[2].txt (ID = 3399)
12:43 PM: Found Spy Cookie: specificclick.com cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@serving-sys[1].txt (ID = 3343)
12:43 PM: Found Spy Cookie: serving-sys cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@realmedia[2].txt (ID = 3235)
12:43 PM: Found Spy Cookie: realmedia cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@perf.overture[1].txt (ID = 3106)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@overture[1].txt (ID = 3105)
12:43 PM: Found Spy Cookie: overture cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@network.aptimus[2].txt (ID = 2235)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@msnportal.112.2o7[1].txt (ID = 1958)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@mediaplex[1].txt (ID = 6442)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@media.adrevolver[1].txt (ID = 2089)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@inet-traffic[1].txt (ID = 2855)
12:43 PM: Found Spy Cookie: inet-traffic.com cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@edge.ru4[1].txt (ID = 3269)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@cz11.clickzs[2].txt (ID = 2413)
12:43 PM: Found Spy Cookie: clickzs cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@ctxtad.tribalfusion[1].txt (ID = 3590)
12:43 PM: Found Spy Cookie: tribalfusion cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@counter9.sextracker[1].txt (ID = 3362)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@counter4.sextracker[1].txt (ID = 3362)
12:43 PM: Found Spy Cookie: sextracker cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@clickbank[1].txt (ID = 2398)
12:43 PM: Found Spy Cookie: clickbank cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@casalemedia[2].txt (ID = 2354)
12:43 PM: Found Spy Cookie: casalemedia cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@bs.serving-sys[1].txt (ID = 2330)
12:43 PM: Found Spy Cookie: bs.serving-sys cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@atwola[1].txt (ID = 2255)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@atdmt[2].txt (ID = 2253)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@as-us.falkag[1].txt (ID = 2650)
12:43 PM: Found Spy Cookie: falkag cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@aptimus[2].txt (ID = 2233)
12:43 PM: Found Spy Cookie: aptimus cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@anad.tacoda[1].txt (ID = 6445)
12:43 PM: Found Spy Cookie: tacoda cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@aff.primaryads[1].txt (ID = 3190)
12:43 PM: Found Spy Cookie: primaryads cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@advertising[1].txt (ID = 2175)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@ads.pointroll[2].txt (ID = 3148)
12:43 PM: Found Spy Cookie: pointroll cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@ads.addynamix[1].txt (ID = 2062)
12:43 PM: Found Spy Cookie: addynamix cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@adrevolver[1].txt (ID = 2088)
12:43 PM: Found Spy Cookie: adrevolver cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@ad.yieldmanager[2].txt (ID = 3751)
12:43 PM: Found Spy Cookie: yieldmanager cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\low\michael@2o7[1].txt (ID = 1957)
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@questionmarket[1].txt (ID = 3217)
12:43 PM: Found Spy Cookie: questionmarket cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@mediaplex[1].txt (ID = 6442)
12:43 PM: Found Spy Cookie: mediaplex cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@edge.ru4[2].txt (ID = 3269)
12:43 PM: Found Spy Cookie: ru4 cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@atwola[1].txt (ID = 2255)
12:43 PM: Found Spy Cookie: atwola cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@atdmt[2].txt (ID = 2253)
12:43 PM: Found Spy Cookie: atlas dmt cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@advertising[2].txt (ID = 2175)
12:43 PM: Found Spy Cookie: advertising cookie
12:43 PM: c:\users\michael\appdata\roaming\microsoft\windows\cookies\michael@2o7[2].txt (ID = 1957)
12:43 PM: Found Spy Cookie: 2o7.net cookie
12:43 PM: Starting Cookie Sweep
12:43 PM: Registry Sweep Complete, Elapsed Time:00:00:36
12:43 PM: HKU\S-1-5-21-2100950283-1507416480-3796808343-1000\software\microsoft\internet explorer\toolbar\webbrowser\ || {84938242-5c5b-4a55-b6b9-a1507543b418} (ID = 1935601)
12:43 PM: HKU\S-1-5-21-2100950283-1507416480-3796808343-1000\software\microsoft\windows\currentversion\ext\stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6}\ (ID = 1922744)
12:43 PM: Found Adware: coolwebsearch (cws)
12:43 PM: HKU\S-1-5-21-2100950283-1507416480-3796808343-1000\software\internet security\ (ID = 1553896)
12:43 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || user32.dll (ID = 1985800)
12:43 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || rare (ID = 1985799)
12:43 PM: HKLM\software\classes\videoaccessactivex.chl\ (ID = 1945683)
12:43 PM: HKCR\videoaccessactivex.chl\ (ID = 1945680)
12:43 PM: HKLM\software\classes\clsid\{84938242-5c5b-4a55-b6b9-a1507543b418}\ (ID = 1935602)
12:43 PM: HKCR\clsid\{84938242-5c5b-4a55-b6b9-a1507543b418}\ (ID = 1935583)
12:43 PM: HKLM\software\microsoft\windows\currentversion\uninstall\public messenger ver 2.03\ (ID = 1553911)
12:43 PM: Starting Registry Sweep
12:43 PM: Memory Sweep Complete, Elapsed Time: 00:05:38
12:37 PM: Starting Memory Sweep
12:37 PM: C:\Program Files\Video Access ActiveX Object\iesplugin.dll (ID = 1985803)
12:37 PM: HKCR\clsid\{84938242-5c5b-4a55-b6b9-a1507543b418}\inprocserver32\ (ID = 1985803)
12:37 PM: Found Trojan Horse: trojan-downloader-zlob
12:37 PM: Start Custom Sweep
12:37 PM: Sweep initiated using definitions version 866
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
12:36 PM: The Internet Communication shield has blocked access to: GO.SYSTEMDOCTOR.COM
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:31 PM: Shield States
12:31 PM: Spyware Definitions: 866
12:31 PM: Spy Sweeper 5.3.2.2361 started
12:31 PM: Spy Sweeper 5.3.2.2361 started
12:31 PM: | Start of Session, Thursday, April 05, 2007 |
***************


Logfile of HijackThis v1.99.1
Scan saved at 1:15:48 PM, on 4/5/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MT3705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [BigFix] "c:\program files\Bigfix\bigfix.exe" /atstartup
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\Windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
dvk01's Avatar
Moderator with 24,543 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Apr-2007, 02:26 PM #9
I don't normally recommend this, but download the HJT beta because that shows some hidden places on Vista that 1.99.1 doesn't

http://www.download.com/Trend-Micro-...-10651155.html

Post back with its log

__________________
Derek
Microsoft MVP/Windows - Security
For help with spyware or hijackers thespykiller

please help me by donating to help keep the Hedgehog Rescue Centre running
We Care about Animals and the Environment
cppgy330's Avatar
Junior Member with 9 posts.
 
Join Date: Apr 2007
Experience: Beginner
06-Apr-2007, 12:35 PM #10
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:35:42 PM, on 4/6/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Michael\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MT3705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [BigFix] "c:\program files\Bigfix\bigfix.exe" /atstartup
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\Windows\system32\oyopu.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7709 bytes
cppgy330's Avatar
Junior Member with 9 posts.
 
Join Date: Apr 2007
Experience: Beginner
06-Apr-2007, 12:37 PM #11
I ran it again as an administrator:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:37:43 PM, on 4/6/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Michael\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MT3705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [BigFix] "c:\program files\Bigfix\bigfix.exe" /atstartup
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\Windows\system32\oyopu.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8059 bytes
dvk01's Avatar
Moderator with 24,543 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Apr-2007, 04:06 AM #12
Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily


Run HijackThis, put a tick in the box beside the entries listed below and ONLY these entries, double-check to make sure, then make sure all browser & email windows are closed and press Fix Checked


O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h

O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\Windows\system32\oyopu.dll (file missing)


Now start Killbox and paste the first file listed below into the full pathname and file to delete box

The file name will appear in the window. Select Delete on Reboot, press the red X button, say yes to the prompt and NO to reboot now, then repeat for each file in turn

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing, don't worry, but make a note and let us know in your next reply

C:\Windows\system32\oyopu.dll
C:\Program Files\Video Access ActiveX Object\
C:\Program Files\SpywareLocked\

Then on the Killbox top bar press Tools/Delete Temp Files. In the pop-up box, towards the middle, is a drop-down box containing a list of all user accounts. In this drop-down user account box, select your account, select ALL options it will allow you to, then press Delete Selected Temp Files, then repeat for every user account listed in that drop-down box

then reboot & tell us how it is
__________________
Derek
Microsoft MVP/Windows - Security
For help with spyware or hijackers thespykiller

please help me by donating to help keep the Hedgehog Rescue Centre running
We Care about Animals and the Environment
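The structural part of a log review like the one above can be scripted. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses `CODE - body` log lines and flags three structural patterns. The heuristics, the function names and the substring list standing in for the fix list in post #12 are assumptions for illustration; the sample lines are copied from the v2.0.0 log in this thread.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis v2.0.0 log in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [auditadmin] C:\windows\temp\auditadmin.cmd
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\Windows\system32\oyopu.dll (file missing)
"""

# Hypothetical stand-in for the fix list in post #12: one distinctive
# substring per entry the moderator asked to tick.
ANALYST_FIX = ["isadd.dll", "{84938242-", "auditadmin", "SpywareLocked", "oyopu.dll"]


class Entry(NamedTuple):
    code: str   # section code such as "O4"
    body: str   # everything after "CODE - "


ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
RUN_CMD = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_log(text):
    """Return the section entries of a log; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Attach reasons to entries that match a structural heuristic (assumed rules)."""
    findings = []
    for e in entries:
        reasons = []
        # Checked only on add-on sections; O23 is excluded by assumption,
        # because the v1.99.1 log shows the marker on unexpanded %windir% paths.
        if e.code in ("O2", "O3", "O22") and MISSING.search(e.body):
            reasons.append("registered component has no file on disk")
        if e.code in ("O2", "O3") and "(no name)" in e.body:
            reasons.append("unnamed browser add-on (weak signal)")
        if e.code == "O4":
            m = RUN_CMD.search(e.body)
            if m and TEMP_DIR.search(m.group("cmd")):
                reasons.append("autorun launches from a temp directory")
        if reasons:
            findings.append((e, reasons))
    return findings


def compare(findings):
    """Return (fix-list items the heuristics missed, flagged entries not on the fix list)."""
    flagged = [e.body for e, _ in findings]
    missed = [k for k in ANALYST_FIX if not any(k in b for b in flagged)]
    extra = [b for b in flagged if not any(k in b for k in ANALYST_FIX)]
    return missed, extra


if __name__ == "__main__":
    results = triage(parse_log(SAMPLE_LOG))
    for entry, reasons in results:
        print(f"{entry.code}: {entry.body}\n    -> {'; '.join(reasons)}")
    missed, extra = compare(results)
    print("missed by heuristics:", missed)
    print("flagged but not on the fix list:", extra)
```

On these lines the heuristics flag the SiteAdvisor BHO, which is not on the fix list, and miss the SpywareLocked autorun, which is. Structural checks narrow the review but do not replace knowing what each program is.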
cppgy330's Avatar
Junior Member with 9 posts.
 
Join Date: Apr 2007
Experience: Beginner
07-Apr-2007, 01:06 PM #13
well, the hijacking stopped, the messages stopped and fake alerts stopped, it looks like, but my resolution is messed up and it's on the highest it will go but it's still small, and when I reboot the desktop items are like moved around a little bit, but thx so far....u think this resolution problem is fixable?

p.s. the resolution messed up yesterday for some reason..but not after I did the killbox thing..wanted to clear that up
dvk01's Avatar
Moderator with 24,543 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Apr-2007, 01:55 PM #14
I have no idea how the Vista settings work on resolution, so hopefully someone who deals with Vista can reply