antispyware problem popups

egzemplar

Thread Starter
Joined
Nov 7, 2007
Messages
5
I have the same problem as another member with antispyware popups. I was wondering if you can lead me step by step through the process because there were some things I didn't understand in the log mentioned above.
Thanks!
 

egzemplar

ComboFix 07-11-08.1 - Luka 2007-11-07 19:52:49.1 - NTFSx86
Running from: F:\Documents and Settings\TEMP\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 12:52 <DIR> d-------- F:\Program Files\Webteh
2007-11-07 19:51 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-11-03 17:03 <DIR> d-------- F:\WINDOWS\Sun
2007-11-01 00:04 <DIR> d-------- F:\Thief
2007-10-31 23:35 217,088 --a------ F:\WINDOWS\system32\libmySQL.dll
2007-10-31 23:35 102,400 --a------ F:\WINDOWS\system32\TrackerNET.dll
2007-10-31 22:17 <DIR> d-------- F:\SIERRA
2007-10-31 20:12 <DIR> d-------- F:\WINDOWS\solcache
2007-10-31 20:04 <DIR> d-------- F:\Program Files\Sierra On-Line
2007-10-31 13:08 <DIR> d-------- F:\Program Files\Alwil Software
2007-10-31 13:08 801,144 --a------ F:\WINDOWS\system32\aswBoot.exe
2007-10-31 13:08 95,608 --a------ F:\WINDOWS\system32\AvastSS.scr
2007-10-31 13:08 94,416 --a------ F:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-31 13:08 92,848 --a------ F:\WINDOWS\system32\drivers\aswmon.sys
2007-10-31 13:08 42,912 --a------ F:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-31 13:08 26,624 --a------ F:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-31 13:08 23,152 --a------ F:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-31 02:56 <DIR> d---s---- F:\WINDOWS\system32\Microsoft
2007-10-31 02:56 <DIR> d-------- F:\Program Files\Lavasoft
2007-10-31 02:56 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-31 02:11 <DIR> d-------- F:\Program Files\Online Add-on
2007-10-31 02:11 <DIR> d-a------ F:\Documents and Settings\All Users\Application Data\TEMP
2007-10-30 13:45 68,960 --a------ F:\WINDOWS\system32\drivers\Pcatip.sys
2007-10-30 13:45 35,936 --a------ F:\WINDOWS\system32\drivers\Pcouffin.sys
2007-10-29 20:20 <DIR> d-------- F:\Program Files\Google
2007-10-26 18:27 <DIR> d-------- F:\Program Files\T-Com ADSL driver
2007-10-25 19:42 <DIR> d-------- F:\Program Files\T-Com MAXadsl CD-ROM
2007-10-17 19:37 <DIR> d-------- F:\WINDOWS\system32\cache600
2007-10-17 19:32 <DIR> d-------- F:\Program Files\WhereIsIt
2007-10-17 19:30 <DIR> d-------- F:\Program Files\Java
2007-10-17 19:30 <DIR> d-------- F:\Program Files\Common Files\Java
2007-10-17 19:30 <DIR> d-------- F:\j2sdk1.4.2_07
2007-10-17 19:28 <DIR> d-------- F:\Program Files\LookSmart Toolbar
2007-10-17 19:28 <DIR> d-------- F:\Program Files\eXeem
2007-10-17 19:27 <DIR> d-------- F:\Program Files\eMule
2007-10-17 19:27 <DIR> d-------- F:\Program Files\BitTornado
2007-10-17 19:25 <DIR> d-------- F:\Program Files\BitTorrent
2007-10-12 14:30 <DIR> d-------- F:\Program Files\Call of Duty
2007-10-11 16:36 49,152 --a------ F:\WINDOWS\Iniexpander.exe
2007-10-11 16:16 <DIR> d-------- F:\Program Files\Red Storm Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 16:51 --------- d-----w F:\Program Files\ExplorerXP
2007-10-31 12:39 --------- d-----w F:\Program Files\RADVideo
2007-10-31 11:40 --------- d-----w F:\Program Files\AVPersonal
2007-10-31 01:55 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 01:39 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-16 16:44 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-10-13 19:17 --------- d-----w F:\Program Files\Microsoft Games
2007-10-11 16:00 163,644 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-10-06 23:14 --------- d-----w F:\Program Files\Sony
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
2007-10-31 02:11 12288 --a------ F:\Program Files\Online Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= F:\Program Files\Online Add-on\ictmdl.dll [2007-10-31 02:11 80384]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWBMOUSE"="F:\Program Files\Kentronix\Wheel Mouse\2.0\lwbwheel.exe" [2000-04-27 02:05]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-04 20:10]
"CARPService"="carpserv.exe" [2001-12-23 12:02 F:\WINDOWS\system32\carpserv.exe]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2004-10-12 21:50]
"Share-to-Web Namespace Daemon"="F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
"LXSUPMON"="F:\WINDOWS\System32\LXSUPMON.exe" [2001-10-09 17:06]
"RemoteControl"="F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"AVGCtrl"="F:\Program Files\AVPersonal\AVGNT.exe" [2004-04-08 13:35]
"AVSCHED32"="F:\Program Files\AVPersonal\AVSched32.exe" [2004-03-17 15:01]
"WinampAgent"="F:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50]
"DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"SunJavaUpdateSched"="F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe" [2005-01-15 11:24]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-19 19:33:05]
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2004-10-12 21:22:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7dfa04a9-5e60-458b-ace4-4a7613504e8d}"= F:\WINDOWS\System32\itdtjjf.dll [2007-10-31 01:52 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="lsass.exe"


.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 19:57:24
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-08 19:58:49 - machine was rebooted
.
--- E O F ---
 

egzemplar

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31, on 2007-11-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\AVPersonal\AVGUARD.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Kentronix\Wheel Mouse\2.0\lwbwheel.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\System32\carpserv.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\WINDOWS\System32\LXSUPMON.EXE
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\AVPersonal\AVGNT.EXE
F:\Program Files\AVPersonal\AVSched32.EXE
F:\Program Files\Winamp\winampa.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\internet explorer\iexplore.exe
F:\WINDOWS\System32\DllHost.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\msiexec.exe
F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - F:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - F:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - F:\PROGRA~1\AdShield\AdShield\AdShield.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - F:\Program Files\Online Add-on\isfmdl.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - F:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - F:\Program Files\LookSmart Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - F:\Program Files\Online Add-on\ictmdl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\Kentronix\Wheel Mouse\2.0\lwbwheel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LXSUPMON] F:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] F:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] F:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O22 - SharedTaskScheduler: decompoundly - {7dfa04a9-5e60-458b-ace4-4a7613504e8d} - F:\WINDOWS\System32\itdtjjf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7985 bytes
 

egzemplar

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/09/2007 at 00:09 AM

Application Version : 3.9.1008

Core Rules Database Version : 3339
Trace Rules Database Version: 1340

Scan type : Complete Scan
Total Scan Time : 03:21:37

Memory items scanned : 427
Memory threats detected : 1
Registry items scanned : 5103
Registry threats detected : 152
File items scanned : 99787
File threats detected : 78

Trojan.Smitfraud Variant
F:\WINDOWS\SYSTEM32\ITDTJJF.DLL
F:\WINDOWS\SYSTEM32\ITDTJJF.DLL
HKLM\Software\Classes\CLSID\{7dfa04a9-5e60-458b-ace4-4a7613504e8d}
HKCR\CLSID\{7DFA04A9-5E60-458B-ACE4-4A7613504E8D}
HKCR\CLSID\{7DFA04A9-5E60-458B-ACE4-4A7613504E8D}\InProcServer32
HKCR\CLSID\{7DFA04A9-5E60-458B-ACE4-4A7613504E8D}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{7dfa04a9-5e60-458b-ace4-4a7613504e8d}

Adware.MyWay

Trojan.Media-Codec/V4

Adware.LookSmart

Unclassified.Unknown Origin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SystemCheck2

Adware.Tracking Cookie
F:\Documents and Settings\Luka.LUKA-D65VAK03R2\Cookies\[email protected][1].txt

Browser Hijacker.Favorites
F:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url
F:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url
F:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url
F:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url
F:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url
F:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url
F:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url
F:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url
F:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\CHEAPEST VIAGRA ONLINE.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\Cialis at HALF PRICE!.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\Fast Way To Loose Your Weight!.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\Guaranteed low price at Pills..url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\SOMA at Special LOW PRICE.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\Tramadol Special Offer!.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
F:\Documents and Settings\All Users\Favorites\Online Pharmacy
F:\Documents and Settings\All Users\Favorites\Sex and Dating\Meet Girls Who Want To Get Laid!.url
F:\Documents and Settings\All Users\Favorites\Sex and Dating\Meet Horny Girls In Your Area!.url
F:\Documents and Settings\All Users\Favorites\Sex and Dating\Read profiles and Chat With Nude Girls!.url
F:\Documents and Settings\All Users\Favorites\Sex and Dating\SEX Dating - people looking for SEX.url
F:\Documents and Settings\All Users\Favorites\Sex and Dating\View XXX photos of Real Sexy Girls..url
F:\Documents and Settings\All Users\Favorites\Sex and Dating
F:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
F:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Free Spyware Scanner..url
F:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Search & Destroy Annoying Adware..url
F:\Documents and Settings\All Users\Favorites\Spyware Uninstall\Stop PopUps on your PC..url
F:\Documents and Settings\All Users\Favorites\Spyware Uninstall

Trojan.Security Toolbar
F:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
F:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Rogue.AntiSpywareShield
C:\PROGRAM FILES\ANTISPYWARESHIELD\ANTISPYWARESHIELD.EXE

Trojan.Unknown Origin
F:\PROGRAM FILES\ONLINE ADD-ON\OT.ICO
F:\PROGRAM FILES\ONLINE ADD-ON\TS.ICO
F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716866.EXE

Malware.AntiVirGear
F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716112.EXE

Trojan.DOmen
F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716865.EXE
F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716867.EXE

Malware.KillAndClean
F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716869.EXE

Malware.LocusSoftware Inc/BestSellerAntivirus
F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP386\A0730516.EXE

Trace.Known Threat Sources
F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\012345OP\pc[1].gif
F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\CL8HSN0B\download[1].gif
F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\MZUPCLY5\popup[1].js
F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\CL8HSN0B\pre[1].js
 

egzemplar

Now a new problem showed up. I can't run Windows as the administrator anymore. I get to the screen where I write my administrator password, the desktop loads, but it crashes within minutes. I'm now a guest on my own computer.
What should I do?
 