
antispyware problem popups

Discussion in 'Virus & Other Malware Removal' started by egzemplar, Nov 7, 2007.

Thread Status:
Not open for further replies.
  1. egzemplar

    egzemplar Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    5
    I have the same problem as another member with antispyware popups. I was wondering if you can lead me step by step through the process because there were some things I didn't understand in the log mentioned above.
    Thanks!
     
  2. egzemplar

    egzemplar Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    5
    ComboFix 07-11-08.1 - Luka 2007-11-07 19:52:49.1 - NTFSx86
    Running from: F:\Documents and Settings\TEMP\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
    .

    2007-11-08 12:52 <DIR> d-------- F:\Program Files\Webteh
    2007-11-07 19:51 51,200 --a------ F:\WINDOWS\NirCmd.exe
    2007-11-03 17:03 <DIR> d-------- F:\WINDOWS\Sun
    2007-11-01 00:04 <DIR> d-------- F:\Thief
    2007-10-31 23:35 217,088 --a------ F:\WINDOWS\system32\libmySQL.dll
    2007-10-31 23:35 102,400 --a------ F:\WINDOWS\system32\TrackerNET.dll
    2007-10-31 22:17 <DIR> d-------- F:\SIERRA
    2007-10-31 20:12 <DIR> d-------- F:\WINDOWS\solcache
    2007-10-31 20:04 <DIR> d-------- F:\Program Files\Sierra On-Line
    2007-10-31 13:08 <DIR> d-------- F:\Program Files\Alwil Software
    2007-10-31 13:08 801,144 --a------ F:\WINDOWS\system32\aswBoot.exe
    2007-10-31 13:08 95,608 --a------ F:\WINDOWS\system32\AvastSS.scr
    2007-10-31 13:08 94,416 --a------ F:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-31 13:08 92,848 --a------ F:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-31 13:08 42,912 --a------ F:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-31 13:08 26,624 --a------ F:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-31 13:08 23,152 --a------ F:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-31 02:56 <DIR> d---s---- F:\WINDOWS\system32\Microsoft
    2007-10-31 02:56 <DIR> d-------- F:\Program Files\Lavasoft
    2007-10-31 02:56 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-31 02:11 <DIR> d-------- F:\Program Files\Online Add-on
    2007-10-31 02:11 <DIR> d-a------ F:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 13:45 68,960 --a------ F:\WINDOWS\system32\drivers\Pcatip.sys
    2007-10-30 13:45 35,936 --a------ F:\WINDOWS\system32\drivers\Pcouffin.sys
    2007-10-29 20:20 <DIR> d-------- F:\Program Files\Google
    2007-10-26 18:27 <DIR> d-------- F:\Program Files\T-Com ADSL driver
    2007-10-25 19:42 <DIR> d-------- F:\Program Files\T-Com MAXadsl CD-ROM
    2007-10-17 19:37 <DIR> d-------- F:\WINDOWS\system32\cache600
    2007-10-17 19:32 <DIR> d-------- F:\Program Files\WhereIsIt
    2007-10-17 19:30 <DIR> d-------- F:\Program Files\Java
    2007-10-17 19:30 <DIR> d-------- F:\Program Files\Common Files\Java
    2007-10-17 19:30 <DIR> d-------- F:\j2sdk1.4.2_07
    2007-10-17 19:28 <DIR> d-------- F:\Program Files\LookSmart Toolbar
    2007-10-17 19:28 <DIR> d-------- F:\Program Files\eXeem
    2007-10-17 19:27 <DIR> d-------- F:\Program Files\eMule
    2007-10-17 19:27 <DIR> d-------- F:\Program Files\BitTornado
    2007-10-17 19:25 <DIR> d-------- F:\Program Files\BitTorrent
    2007-10-12 14:30 <DIR> d-------- F:\Program Files\Call of Duty
    2007-10-11 16:36 49,152 --a------ F:\WINDOWS\Iniexpander.exe
    2007-10-11 16:16 <DIR> d-------- F:\Program Files\Red Storm Entertainment

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-24 16:51 --------- d-----w F:\Program Files\ExplorerXP
    2007-10-31 12:39 --------- d-----w F:\Program Files\RADVideo
    2007-10-31 11:40 --------- d-----w F:\Program Files\AVPersonal
    2007-10-31 01:55 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard
    2007-10-31 01:39 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-16 16:44 --------- d--h--w F:\Program Files\InstallShield Installation Information
    2007-10-13 19:17 --------- d-----w F:\Program Files\Microsoft Games
    2007-10-11 16:00 163,644 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-06 23:14 --------- d-----w F:\Program Files\Sony
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
    2007-10-31 02:11 12288 --a------ F:\Program Files\Online Add-on\isfmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= F:\Program Files\Online Add-on\ictmdl.dll [2007-10-31 02:11 80384]

    [HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LWBMOUSE"="F:\Program Files\Kentronix\Wheel Mouse\2.0\lwbwheel.exe" [2000-04-27 02:05]
    "NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-04 20:10]
    "CARPService"="carpserv.exe" [2001-12-23 12:02 F:\WINDOWS\system32\carpserv.exe]
    "QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2004-10-12 21:50]
    "Share-to-Web Namespace Daemon"="F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
    "LXSUPMON"="F:\WINDOWS\System32\LXSUPMON.exe" [2001-10-09 17:06]
    "RemoteControl"="F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
    "AVGCtrl"="F:\Program Files\AVPersonal\AVGNT.exe" [2004-04-08 13:35]
    "AVSCHED32"="F:\Program Files\AVPersonal\AVSched32.exe" [2004-03-17 15:01]
    "WinampAgent"="F:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50]
    "DAEMON Tools-1033"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "SunJavaUpdateSched"="F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe" [2005-01-15 11:24]
    "avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

    F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-19 19:33:05]
    Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
    WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [2004-10-12 21:22:41]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{7dfa04a9-5e60-458b-ace4-4a7613504e8d}"= F:\WINDOWS\System32\itdtjjf.dll [2007-10-31 01:52 12800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="lsass.exe"


    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-08 19:57:24
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-08 19:58:49 - machine was rebooted
    .
    --- E O F ---
     
  3. egzemplar

    egzemplar Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    5
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31, on 2007-11-08
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\System32\Ati2evxx.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\WINDOWS\system32\LEXBCES.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\LEXPPS.EXE
    F:\Program Files\AVPersonal\AVGUARD.EXE
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\WINDOWS\system32\Ati2evxx.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Kentronix\Wheel Mouse\2.0\lwbwheel.exe
    F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    F:\WINDOWS\System32\carpserv.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    F:\WINDOWS\System32\LXSUPMON.EXE
    F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    F:\Program Files\AVPersonal\AVGNT.EXE
    F:\Program Files\AVPersonal\AVSched32.EXE
    F:\Program Files\Winamp\winampa.exe
    F:\Program Files\D-Tools\daemon.exe
    F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\WinZip\WZQKPICK.EXE
    F:\Program Files\internet explorer\iexplore.exe
    F:\WINDOWS\System32\DllHost.exe
    F:\WINDOWS\System32\ctfmon.exe
    F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\WINDOWS\System32\wuauclt.exe
    F:\WINDOWS\System32\msiexec.exe
    F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - F:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - F:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - F:\PROGRA~1\AdShield\AdShield\AdShield.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - F:\Program Files\Online Add-on\isfmdl.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - F:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - F:\Program Files\LookSmart Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
    O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - F:\Program Files\Online Add-on\ictmdl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\Kentronix\Wheel Mouse\2.0\lwbwheel.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LXSUPMON] F:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVGCtrl] F:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] F:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O22 - SharedTaskScheduler: decompoundly - {7dfa04a9-5e60-458b-ace4-4a7613504e8d} - F:\WINDOWS\System32\itdtjjf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7985 bytes
     
  4. egzemplar

    egzemplar Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    5
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/09/2007 at 00:09 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3339
    Trace Rules Database Version: 1340

    Scan type : Complete Scan
    Total Scan Time : 03:21:37

    Memory items scanned : 427
    Memory threats detected : 1
    Registry items scanned : 5103
    Registry threats detected : 152
    File items scanned : 99787
    File threats detected : 78

    Trojan.Smitfraud Variant
    F:\WINDOWS\SYSTEM32\ITDTJJF.DLL
    F:\WINDOWS\SYSTEM32\ITDTJJF.DLL
    HKLM\Software\Classes\CLSID\{7dfa04a9-5e60-458b-ace4-4a7613504e8d}
    HKCR\CLSID\{7DFA04A9-5E60-458B-ACE4-4A7613504E8D}
    HKCR\CLSID\{7DFA04A9-5E60-458B-ACE4-4A7613504E8D}\InProcServer32
    HKCR\CLSID\{7DFA04A9-5E60-458B-ACE4-4A7613504E8D}\InProcServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{7dfa04a9-5e60-458b-ace4-4a7613504e8d}

    Adware.MyWay

    Trojan.Media-Codec/V4

    Adware.LookSmart

    Unclassified.Unknown Origin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SystemCheck2

    Adware.Tracking Cookie
    F:\Documents and Settings\Luka.LUKA-D65VAK03R2\Cookies\[email protected][1].txt

    Browser Hijacker.Favorites

    Trojan.Security Toolbar
    F:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
    F:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

    Rogue.AntiSpywareShield
    C:\PROGRAM FILES\ANTISPYWARESHIELD\ANTISPYWARESHIELD.EXE

    Trojan.Unknown Origin
    F:\PROGRAM FILES\ONLINE ADD-ON\OT.ICO
    F:\PROGRAM FILES\ONLINE ADD-ON\TS.ICO
    F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716866.EXE

    Malware.AntiVirGear
    F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716112.EXE

    Trojan.DOmen
    F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716865.EXE
    F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716867.EXE

    Malware.KillAndClean
    F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP385\A0716869.EXE

    Malware.LocusSoftware Inc/BestSellerAntivirus
    F:\SYSTEM VOLUME INFORMATION\_RESTORE{C9CAEE1E-4794-4F9C-B53F-B08E783D2E7E}\RP386\A0730516.EXE

    Trace.Known Threat Sources
    F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\012345OP\pc[1].gif
    F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\CL8HSN0B\download[1].gif
    F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\MZUPCLY5\popup[1].js
    F:\Documents and Settings\Luka\Local Settings\Temporary Internet Files\Content.IE5\CL8HSN0B\pre[1].js
     
  5. egzemplar

    egzemplar Thread Starter

    Joined:
    Nov 7, 2007
    Messages:
    5
    Now a new problem showed up. I can't run Windows as the administrator anymore. I get to the screen where I write my administrator password, the desktop loads, but it crashes within minutes. I'm now a guest on my own computer.
    What should I do?
     
Short URL to this thread: https://techguy.org/649025
