1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malware. spyware need to remove this!!

Discussion in 'Virus & Other Malware Removal' started by mdc467, Jan 4, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. mdc467

    mdc467 Thread Starter

    Joined:
    Nov 12, 2005
    Messages:
    11
    Please help me get rid of this pop up. Here is my Hijack this scan.

    Thank you. :(


    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:32 PM, on 1/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\mssearchnet.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\windows\system32\hp1D36.tmp
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Yahoo! Monitor.lnk = C:\Program Files\Encompass\EncMontr.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131816290725
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Download smitRem.exe

    or HERE and save the file to your desktop.
    Double click on the file to extract it to it's own folder on the desktop.

    Next, please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    then

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:

      • [*]Sweep Memory
        [*]Sweep Registry
        [*]Sweep Cookies
        [*]Sweep All User Accounts
        [*]Enable Direct Disk Sweeping
        [*]Sweep Contents of Compressed Files
        [*]Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.

    Post the contents of smitfiles.txt and the a new HJT log and the spysweeper report .
    Let us know if any problems persist.
     
  3. mdc467

    mdc467 Thread Starter

    Joined:
    Nov 12, 2005
    Messages:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 7:42:53 PM, on 1/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Yahoo! Monitor.lnk = C:\Program Files\Encompass\EncMontr.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab
    O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131816290725
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Wed 01/04/2006
    The current time is: 18:05:10.74

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Online Security Guide.url
    Security Troubleshooting.url
    Security Troubleshooting.url


    ~~~ Favorites ~~~

    Antivirus Test Online.url

    I wasn't able to post the log from Webroot SpySweeper because the text entered was too long. I hope with the two logs I posted will be sufficient.

    Thanks for your help.

    Marisa :)
     
  4. mdc467

    mdc467 Thread Starter

    Joined:
    Nov 12, 2005
    Messages:
    11
    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Wed 01/04/2006
    The current time is: 18:05:10.74

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Online Security Guide.url
    Security Troubleshooting.url
    Security Troubleshooting.url


    ~~~ Favorites ~~~

    Antivirus Test Online.url


    ~~~ system32 folder ~~~

    wbeconm.dll
    1024 dir
    msvol.tlb
    ld****.tmp
    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    mscornet.exe
    hp***.tmp


    ~~~ Icons in System32 ~~~

    ts.ico
    ot.ico


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 740 'explorer.exe'
    Killing PID 740 'explorer.exe'

    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Online Security Guide.url


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN! :)

    I noticed the the whole log did not post. Here it is.

    Thanks
     
  5. mdc467

    mdc467 Thread Starter

    Joined:
    Nov 12, 2005
    Messages:
    11
    ********
    6:21 PM: | Start of Session, Wednesday, January 04, 2006 |
    6:21 PM: Spy Sweeper started
    6:21 PM: Sweep initiated using definitions version 596
    6:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:21 PM: Starting Memory Sweep
    6:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:22 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:26 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:29 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:31 PM: Memory Sweep Complete, Elapsed Time: 00:10:11
    6:31 PM: Starting Registry Sweep
    6:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Found Adware: weirdontheweb
    6:32 PM: HKCR\amnotifier.hubawindow\ (5 subtraces) (ID = 866632)
    6:32 PM: HKCR\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866638)
    6:32 PM: Found Adware: mediapipe
    6:32 PM: HKCR\downloadmanager.manager\ (5 subtraces) (ID = 866642)
    6:32 PM: HKCR\downloadmanager.manager.1\ (3 subtraces) (ID = 866648)
    6:32 PM: HKCR\mpagent.agent\ (5 subtraces) (ID = 866662)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: HKCR\mpagent.agent.1\ (3 subtraces) (ID = 866668)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: HKCR\appid\amnotifier.exe\ (1 subtraces) (ID = 866682)
    6:32 PM: HKCR\appid\downloadmanager.exe\ (1 subtraces) (ID = 866684)
    6:32 PM: HKCR\appid\mpagent.dll\ (1 subtraces) (ID = 866688)
    6:32 PM: HKCR\appid\trayicon.exe\ (1 subtraces) (ID = 866692)
    6:32 PM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866694)
    6:32 PM: HKCR\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866698)
    6:32 PM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866702)
    6:32 PM: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866704)
    6:32 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866706)
    6:32 PM: HKCR\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 866735)
    6:32 PM: Found Trojan Horse: p2pnetwork
    6:32 PM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 866747)
    6:32 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 866796)
    6:32 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 866816)
    6:32 PM: HKCR\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 866826)
    6:32 PM: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 866836)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: HKLM\software\altpayments\ (22 subtraces) (ID = 866864)
    6:32 PM: HKLM\software\mediapipe\ (16 subtraces) (ID = 866893)
    6:32 PM: HKLM\software\classes\amnotifier.hubawindow\ (5 subtraces) (ID = 866911)
    6:32 PM: HKLM\software\classes\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866917)
    6:32 PM: HKLM\software\classes\amnotifier.hubawindow.1\clsid\ (1 subtraces) (ID = 866919)
    6:32 PM: HKLM\software\classes\downloadmanager.manager\ (5 subtraces) (ID = 866921)
    6:32 PM: HKLM\software\classes\downloadmanager.manager.1\ (3 subtraces) (ID = 866927)
    6:32 PM: HKLM\software\classes\mpagent.agent\ (5 subtraces) (ID = 866941)
    6:32 PM: HKLM\software\classes\mpagent.agent.1\ (3 subtraces) (ID = 866947)
    6:32 PM: HKLM\software\classes\appid\amnotifier.exe\ (1 subtraces) (ID = 866961)
    6:32 PM: HKLM\software\classes\appid\downloadmanager.exe\ (1 subtraces) (ID = 866963)
    6:32 PM: HKLM\software\classes\appid\mpagent.dll\ (1 subtraces) (ID = 866967)
    6:32 PM: HKLM\software\classes\appid\trayicon.exe\ (1 subtraces) (ID = 866971)
    6:32 PM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866973)
    6:32 PM: HKLM\software\classes\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866977)
    6:32 PM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866981)
    6:32 PM: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866983)
    6:32 PM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866985)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: HKLM\software\classes\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 867014)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 867026)
    6:32 PM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 867075)
    6:32 PM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 867095)
    6:32 PM: HKLM\software\classes\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 867105)
    6:32 PM: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 867115)
    6:32 PM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:32 PM: Found Adware: yyep.com hijack
    6:32 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search page (ID = 147889)
    6:32 PM: HKU\S-1-5-20\software\microsoft\internet explorer\search\ || searchassistant (ID = 147890)
    6:32 PM: HKU\S-1-5-20\software\microsoft\internet explorer\ || searchurl (ID = 147891)
    6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search page (ID = 147889)
    6:33 PM: HKU\S-1-5-19\software\microsoft\internet explorer\search\ || searchassistant (ID = 147890)
    6:33 PM: HKU\S-1-5-19\software\microsoft\internet explorer\ || searchurl (ID = 147891)
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 147890)
    6:33 PM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 147891)
    6:33 PM: Registry Sweep Complete, Elapsed Time:00:01:22
    6:33 PM: Starting Cookie Sweep
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: Found Spy Cookie: belnk cookie
    6:33 PM: ray [email protected][2].txt (ID = 2292)
    6:33 PM: Found Spy Cookie: 2o7.net cookie
    6:33 PM: ray [email protected][1].txt (ID = 1958)
    6:33 PM: Found Spy Cookie: ask cookie
    6:33 PM: ray [email protected][1].txt (ID = 2245)
    6:33 PM: Found Spy Cookie: statcounter cookie
    6:33 PM: ray [email protected][2].txt (ID = 3447)
    6:33 PM: ray [email protected][1].txt (ID = 1958)
    6:33 PM: ray [email protected][1].txt (ID = 1958)
    6:33 PM: Found Spy Cookie: ic-live cookie
    6:33 PM: ray [email protected][1].txt (ID = 2821)
    6:33 PM: Found Spy Cookie: ccbill cookie
    6:33 PM: ray [email protected][1].txt (ID = 2369)
    6:33 PM: Found Spy Cookie: mashka cookie
    6:33 PM: ray [email protected][1].txt (ID = 2949)
    6:33 PM: Found Spy Cookie: videodome cookie
    6:33 PM: ray [email protected][1].txt (ID = 3638)
    6:33 PM: Found Spy Cookie: toplist cookie
    6:33 PM: ray [email protected][3].txt (ID = 3557)
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: Found Spy Cookie: nextag cookie
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: ray [email protected][1].txt (ID = 5014)
    6:33 PM: Found Spy Cookie: sexsearch cookie
    6:33 PM: ray [email protected][1].txt (ID = 3358)
    6:33 PM: Found Spy Cookie: screensavers.com cookie
    6:33 PM: ray [email protected][1].txt (ID = 3298)
    6:33 PM: Found Spy Cookie: go.com cookie
    6:33 PM: ray [email protected][1].txt (ID = 2728)
    6:33 PM: Found Spy Cookie: clickzs cookie
    6:33 PM: ray [email protected][2].txt (ID = 2413)
    6:33 PM: ray [email protected][2].txt (ID = 1957)
    6:33 PM: ray [email protected][1].txt (ID = 3298)
    6:33 PM: Found Spy Cookie: ru4 cookie
    6:33 PM: ray [email protected][2].txt (ID = 3269)
    6:33 PM: Found Spy Cookie: myaffiliateprogram.com cookie
    6:33 PM: ray [email protected][1].txt (ID = 3032)
    6:33 PM: Found Spy Cookie: starware.com cookie
    6:33 PM: ray [email protected][2].txt (ID = 3441)
    6:33 PM: Found Spy Cookie: servlet cookie
    6:33 PM: ray [email protected][1].txt (ID = 3345)
    6:33 PM: Found Spy Cookie: adultfriendfinder cookie
    6:33 PM: ray [email protected][1].txt (ID = 2165)
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: Found Spy Cookie: xren_cj cookie
    6:33 PM: ray [email protected]_cj[2].txt (ID = 3723)
    6:33 PM: Found Spy Cookie: advertising cookie
    6:33 PM: ray [email protected][2].txt (ID = 2175)
    6:33 PM: Found Spy Cookie: classmates cookie
    6:33 PM: ray [email protected][1].txt (ID = 2384)
    6:33 PM: Found Spy Cookie: coolsavings cookie
    6:33 PM: ray [email protected][2].txt (ID = 2465)
    6:33 PM: Found Spy Cookie: barelylegal cookie
    6:33 PM: ray [email protected][2].txt (ID = 2286)
    6:33 PM: Found Spy Cookie: gamespy cookie
    6:33 PM: ray [email protected][1].txt (ID = 2719)
    6:33 PM: ray [email protected][2].txt (ID = 2293)
    6:33 PM: Found Spy Cookie: atwola cookie
    6:33 PM: ray [email protected][2].txt (ID = 2255)
    6:33 PM: Found Spy Cookie: burstnet cookie
    6:33 PM: ray [email protected][2].txt (ID = 2336)
    6:33 PM: ray [email protected][2].txt (ID = 2413)
    6:33 PM: Found Spy Cookie: websponsors cookie
    6:33 PM: ray [email protected][2].txt (ID = 3665)
    6:33 PM: Found Spy Cookie: burstbeacon cookie
    6:33 PM: ray [email protected][1].txt (ID = 2335)
    6:33 PM: ray [email protected][2].txt (ID = 2719)
    6:33 PM: Found Spy Cookie: bizrate cookie
    6:33 PM: ray [email protected][1].txt (ID = 2308)
    6:33 PM: ray [email protected][1].txt (ID = 2413)
    6:33 PM: Found Spy Cookie: avres cookie
    6:33 PM: ray [email protected][1].txt (ID = 2261)
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: Found Spy Cookie: ademails.com cookie
    6:33 PM: ray [email protected][1].txt (ID = 2066)
    6:33 PM: ray [email protected][1].txt (ID = 2413)
    6:33 PM: ray [email protected][1].txt (ID = 2413)
    6:33 PM: Found Spy Cookie: kinghost cookie
    6:33 PM: ray [email protected][1].txt (ID = 2903)
    6:33 PM: Found Spy Cookie: yadro cookie
    6:33 PM: ray [email protected][1].txt (ID = 3743)
    6:33 PM: Found Spy Cookie: yieldmanager cookie
    6:33 PM: ray [email protected][2].txt (ID = 3749)
    6:33 PM: Found Spy Cookie: outster cookie
    6:33 PM: ray [email protected][2].txt (ID = 3103)
    6:33 PM: Found Spy Cookie: webpower cookie
    6:33 PM: ray [email protected][2].txt (ID = 3660)
    6:33 PM: ray [email protected]_cj[1].txt (ID = 3723)
    6:33 PM: ray [email protected][1].txt (ID = 2413)
    6:33 PM: Found Spy Cookie: about cookie
    6:33 PM: ray [email protected][1].txt (ID = 2037)
    6:33 PM: Found Spy Cookie: customer cookie
    6:33 PM: ray [email protected][1].txt (ID = 2481)
    6:33 PM: ray [email protected][1].txt (ID = 2038)
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: Found Spy Cookie: spyaxe cookie
    6:33 PM: ray [email protected][2].txt (ID = 6110)
    6:33 PM: ray [email protected][1].txt (ID = 2293)
    6:33 PM: Found Spy Cookie: www.mature-post cookie
    6:33 PM: ray [email protected][2].txt (ID = 3703)
    6:33 PM: ray [email protected][1].txt (ID = 2729)
    6:33 PM: ray [email protected][1].txt (ID = 2729)
    6:33 PM: Found Spy Cookie: herfirstlesbiansex cookie
    6:33 PM: ray [email protected][2].txt (ID = 2771)
    6:33 PM: Found Spy Cookie: adknowledge cookie
    6:33 PM: ray [email protected][1].txt (ID = 2072)
    6:33 PM: Found Spy Cookie: overture cookie
    6:33 PM: ray [email protected][1].txt (ID = 3106)
    6:33 PM: ray [email protected][1].txt (ID = 3751)
    6:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:33 PM: Starting File Sweep
    6:33 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
    6:33 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
    6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:34 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:36 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:37 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:38 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:39 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:42 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:43 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
    6:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
     
  6. mdc467

    mdc467 Thread Starter

    Joined:
    Nov 12, 2005
    Messages:
    11
    6:45 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:46 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:47 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:48 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:49 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:50 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:52 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:55 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:58 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:59 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:00 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:01 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:02 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:03 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:04 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:05 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:06 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:07 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:08 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:09 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:10 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:11 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:12 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    12 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:13 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:14 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:15 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:16 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:17 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:18 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:22 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:23 PM: c:\program files\mediapipe (8 subtraces) (ID = -2147470120)
    7:23 PM: mediapipe.ini (ID = 162695)
    7:23 PM: agent.dll (ID = 162691)
    7:23 PM: p2pinst.exe (ID = 162698)
    7:23 PM: p2pl.exe (ID = 162699)
    7:23 PM: api.exe (ID = 163130)
    7:23 PM: altpayments.exe (ID = 162690)
    7:23 PM: altpayments_terms.txt (ID = 87892)
    7:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:24 PM: c:\my accessmedia (1 subtraces) (ID = -2147469182)
    7:24 PM: altpayments.exe (ID = 162690)
    7:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\ntuser.dat". The process cannot access the file because it is being used by another process
    7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\ntuser.dat.log". The process cannot access the file because it is being used by another process
    7:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    7:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:25 PM: movieland terms.lnk (ID = 201283)
    7:26 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
    7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
    7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
    7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:27 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
    7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:27 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
    7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:28 PM: Found Adware: spyaxe
    7:28 PM: a0001744.lnk (ID = 204550)
    7:28 PM: Found Adware: psguard
    7:28 PM: a0001762.bat (ID = 202688)
    7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:28 PM: Warning: Failed to open file "c:\system volume information\_restore{4ba726e4-4cc0-4162-84fb-b6fc9d56eab9}\rp24\a0002793.exe". Access is denied
    7:28 PM: Warning: Failed to open file "c:\system volume information\_restore{4ba726e4-4cc0-4162-84fb-b6fc9d56eab9}\rp24\a0002802.exe". Access is denied
    7:28 PM: Warning: Failed to open file "c:\system volume information\_restore{4ba726e4-4cc0-4162-84fb-b6fc9d56eab9}\rp24\a0002804.exe". Access is denied
    7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:28 PM: a0001778.exe (ID = 217946)
    7:28 PM: Found Adware: spyaxe fakealert
    7:28 PM: a0002798.dll (ID = 216)
    7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:28 PM: Warning: Unhandled Archive Type
    7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:29 PM: Warning: Unhandled Archive Type
    7:29 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:30 PM: Warning: Invalid Stream
    7:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:30 PM: File Sweep Complete, Elapsed Time: 00:57:11
    7:30 PM: Full Sweep has completed. Elapsed time 01:09:11
    7:30 PM: Traces Found: 382
    7:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:31 PM: Removal process initiated
    7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:31 PM: Quarantining All Traces: psguard
    7:31 PM: Quarantining All Traces: p2pnetwork
    7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:31 PM: Quarantining All Traces: mediapipe
    7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:31 PM: Quarantining All Traces: spyaxe fakealert
    7:31 PM: Quarantining All Traces: spyaxe
    7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:31 PM: Quarantining All Traces: weirdontheweb
    7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: yyep.com hijack
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: 2o7.net cookie
    7:32 PM: Quarantining All Traces: about cookie
    7:32 PM: Quarantining All Traces: ademails.com cookie
    7:32 PM: Quarantining All Traces: adknowledge cookie
    7:32 PM: Quarantining All Traces: adultfriendfinder cookie
    7:32 PM: Quarantining All Traces: advertising cookie
    7:32 PM: Quarantining All Traces: ask cookie
    7:32 PM: Quarantining All Traces: atwola cookie
    7:32 PM: Quarantining All Traces: avres cookie
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: barelylegal cookie
    7:32 PM: Quarantining All Traces: belnk cookie
    7:32 PM: Quarantining All Traces: bizrate cookie
    7:32 PM: Quarantining All Traces: burstbeacon cookie
    7:32 PM: Quarantining All Traces: burstnet cookie
    7:32 PM: Quarantining All Traces: ccbill cookie
    7:32 PM: Quarantining All Traces: classmates cookie
    7:32 PM: Quarantining All Traces: clickzs cookie
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: coolsavings cookie
    7:32 PM: Quarantining All Traces: customer cookie
    7:32 PM: Quarantining All Traces: gamespy cookie
    7:32 PM: Quarantining All Traces: go.com cookie
    7:32 PM: Quarantining All Traces: herfirstlesbiansex cookie
    7:32 PM: Quarantining All Traces: ic-live cookie
    7:32 PM: Quarantining All Traces: kinghost cookie
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: mashka cookie
    7:32 PM: Quarantining All Traces: myaffiliateprogram.com cookie
    7:32 PM: Quarantining All Traces: nextag cookie
    7:32 PM: Quarantining All Traces: outster cookie
    7:32 PM: Quarantining All Traces: overture cookie
    7:32 PM: Quarantining All Traces: ru4 cookie
    7:32 PM: Quarantining All Traces: screensavers.com cookie
    7:32 PM: Quarantining All Traces: servlet cookie
    7:32 PM: Quarantining All Traces: sexsearch cookie
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: spyaxe cookie
    7:32 PM: Quarantining All Traces: starware.com cookie
    7:32 PM: Quarantining All Traces: statcounter cookie
    7:32 PM: Quarantining All Traces: toplist cookie
    7:32 PM: Quarantining All Traces: videodome cookie
    7:32 PM: Quarantining All Traces: webpower cookie
    7:32 PM: Quarantining All Traces: websponsors cookie
    7:32 PM: Quarantining All Traces: www.mature-post cookie
    7:32 PM: Quarantining All Traces: xren_cj cookie
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Quarantining All Traces: yadro cookie
    7:32 PM: Quarantining All Traces: yieldmanager cookie
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:32 PM: Removal process completed. Elapsed time 00:00:55
    7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:34 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:36 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:37 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:38 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:39 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:42 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:43 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:45 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:46 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:47 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:48 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:49 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:50 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:52 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:55 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    7:58 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    ********
    6:17 PM: | Start of Session, Wednesday, January 04, 2006 |
    6:17 PM: Spy Sweeper started
    6:17 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:17 PM: Your spyware definitions have been updated.
    6:17 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:18 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
    6:21 PM: | End of Session, Wednesday, January 04, 2006 |
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    That looks fine now

    have all the problems stopped

    if so then

    Turn off system restore by following instructions here
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.

    go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

    and pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/430923

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice