Malware. spyware need to remove this!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mdc467

Thread Starter
Joined
Nov 12, 2005
Messages
11
Please help me get rid of this pop up. Here is my Hijack this scan.

Thank you. :(


Logfile of HijackThis v1.99.1
Scan saved at 10:49:32 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\mssearchnet.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\windows\system32\hp1D36.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Yahoo! Monitor.lnk = C:\Program Files\Encompass\EncMontr.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131816290725
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download smitRem.exe

or HERE and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

then

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:

    • [*]Sweep Memory
      [*]Sweep Registry
      [*]Sweep Cookies
      [*]Sweep All User Accounts
      [*]Enable Direct Disk Sweeping
      [*]Sweep Contents of Compressed Files
      [*]Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Post the contents of smitfiles.txt and the a new HJT log and the spysweeper report .
Let us know if any problems persist.
 

mdc467

Thread Starter
Joined
Nov 12, 2005
Messages
11
Logfile of HijackThis v1.99.1
Scan saved at 7:42:53 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Yahoo! Monitor.lnk = C:\Program Files\Encompass\EncMontr.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/clients/y/ft3_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/virusscan/mgavinst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131816290725
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 01/04/2006
The current time is: 18:05:10.74

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url

I wasn't able to post the log from Webroot SpySweeper because the text entered was too long. I hope with the two logs I posted will be sufficient.

Thanks for your help.

Marisa :)
 

mdc467

Thread Starter
Joined
Nov 12, 2005
Messages
11
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 01/04/2006
The current time is: 18:05:10.74

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

wbeconm.dll
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 740 'explorer.exe'
Killing PID 740 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)

I noticed the the whole log did not post. Here it is.

Thanks
 

mdc467

Thread Starter
Joined
Nov 12, 2005
Messages
11
********
6:21 PM: | Start of Session, Wednesday, January 04, 2006 |
6:21 PM: Spy Sweeper started
6:21 PM: Sweep initiated using definitions version 596
6:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:21 PM: Starting Memory Sweep
6:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:22 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:26 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:29 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:31 PM: Memory Sweep Complete, Elapsed Time: 00:10:11
6:31 PM: Starting Registry Sweep
6:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Found Adware: weirdontheweb
6:32 PM: HKCR\amnotifier.hubawindow\ (5 subtraces) (ID = 866632)
6:32 PM: HKCR\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866638)
6:32 PM: Found Adware: mediapipe
6:32 PM: HKCR\downloadmanager.manager\ (5 subtraces) (ID = 866642)
6:32 PM: HKCR\downloadmanager.manager.1\ (3 subtraces) (ID = 866648)
6:32 PM: HKCR\mpagent.agent\ (5 subtraces) (ID = 866662)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: HKCR\mpagent.agent.1\ (3 subtraces) (ID = 866668)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: HKCR\appid\amnotifier.exe\ (1 subtraces) (ID = 866682)
6:32 PM: HKCR\appid\downloadmanager.exe\ (1 subtraces) (ID = 866684)
6:32 PM: HKCR\appid\mpagent.dll\ (1 subtraces) (ID = 866688)
6:32 PM: HKCR\appid\trayicon.exe\ (1 subtraces) (ID = 866692)
6:32 PM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866694)
6:32 PM: HKCR\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866698)
6:32 PM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866702)
6:32 PM: HKCR\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866704)
6:32 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866706)
6:32 PM: HKCR\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 866735)
6:32 PM: Found Trojan Horse: p2pnetwork
6:32 PM: HKCR\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 866747)
6:32 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 866796)
6:32 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 866816)
6:32 PM: HKCR\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 866826)
6:32 PM: HKCR\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 866836)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: HKLM\software\altpayments\ (22 subtraces) (ID = 866864)
6:32 PM: HKLM\software\mediapipe\ (16 subtraces) (ID = 866893)
6:32 PM: HKLM\software\classes\amnotifier.hubawindow\ (5 subtraces) (ID = 866911)
6:32 PM: HKLM\software\classes\amnotifier.hubawindow.1\ (3 subtraces) (ID = 866917)
6:32 PM: HKLM\software\classes\amnotifier.hubawindow.1\clsid\ (1 subtraces) (ID = 866919)
6:32 PM: HKLM\software\classes\downloadmanager.manager\ (5 subtraces) (ID = 866921)
6:32 PM: HKLM\software\classes\downloadmanager.manager.1\ (3 subtraces) (ID = 866927)
6:32 PM: HKLM\software\classes\mpagent.agent\ (5 subtraces) (ID = 866941)
6:32 PM: HKLM\software\classes\mpagent.agent.1\ (3 subtraces) (ID = 866947)
6:32 PM: HKLM\software\classes\appid\amnotifier.exe\ (1 subtraces) (ID = 866961)
6:32 PM: HKLM\software\classes\appid\downloadmanager.exe\ (1 subtraces) (ID = 866963)
6:32 PM: HKLM\software\classes\appid\mpagent.dll\ (1 subtraces) (ID = 866967)
6:32 PM: HKLM\software\classes\appid\trayicon.exe\ (1 subtraces) (ID = 866971)
6:32 PM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (1 subtraces) (ID = 866973)
6:32 PM: HKLM\software\classes\appid\{7911272a-a32a-404e-8a51-ee18b99b18c4}\ (1 subtraces) (ID = 866977)
6:32 PM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (1 subtraces) (ID = 866981)
6:32 PM: HKLM\software\classes\appid\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (1 subtraces) (ID = 866983)
6:32 PM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (11 subtraces) (ID = 866985)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: HKLM\software\classes\clsid\{7bf58804-e672-4b96-8eec-bfcce6492c9a}\ (11 subtraces) (ID = 867014)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: HKLM\software\classes\clsid\{b3e19860-0cd5-4991-a066-4fca2704de59}\ (12 subtraces) (ID = 867026)
6:32 PM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (9 subtraces) (ID = 867075)
6:32 PM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (9 subtraces) (ID = 867095)
6:32 PM: HKLM\software\classes\typelib\{afdbb222-dea9-4c12-b3a3-a13c2985e3ee}\ (9 subtraces) (ID = 867105)
6:32 PM: HKLM\software\classes\typelib\{ccebbeb5-d011-41b5-9f92-01f88a38dc0d}\ (9 subtraces) (ID = 867115)
6:32 PM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:32 PM: Found Adware: yyep.com hijack
6:32 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search page (ID = 147889)
6:32 PM: HKU\S-1-5-20\software\microsoft\internet explorer\search\ || searchassistant (ID = 147890)
6:32 PM: HKU\S-1-5-20\software\microsoft\internet explorer\ || searchurl (ID = 147891)
6:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search page (ID = 147889)
6:33 PM: HKU\S-1-5-19\software\microsoft\internet explorer\search\ || searchassistant (ID = 147890)
6:33 PM: HKU\S-1-5-19\software\microsoft\internet explorer\ || searchurl (ID = 147891)
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 147890)
6:33 PM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 147891)
6:33 PM: Registry Sweep Complete, Elapsed Time:00:01:22
6:33 PM: Starting Cookie Sweep
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: Found Spy Cookie: belnk cookie
6:33 PM: ray castro@belnk[2].txt (ID = 2292)
6:33 PM: Found Spy Cookie: 2o7.net cookie
6:33 PM: ray castro@microsoftwga.112.2o7[1].txt (ID = 1958)
6:33 PM: Found Spy Cookie: ask cookie
6:33 PM: ray castro@ask[1].txt (ID = 2245)
6:33 PM: Found Spy Cookie: statcounter cookie
6:33 PM: ray castro@statcounter[2].txt (ID = 3447)
6:33 PM: ray castro@msnportal.112.2o7[1].txt (ID = 1958)
6:33 PM: ray castro@microsofteup.112.2o7[1].txt (ID = 1958)
6:33 PM: Found Spy Cookie: ic-live cookie
6:33 PM: ray castro@ic-live[1].txt (ID = 2821)
6:33 PM: Found Spy Cookie: ccbill cookie
6:33 PM: ray castro@ccbill[1].txt (ID = 2369)
6:33 PM: Found Spy Cookie: mashka cookie
6:33 PM: ray castro@mashka[1].txt (ID = 2949)
6:33 PM: Found Spy Cookie: videodome cookie
6:33 PM: ray castro@videodome[1].txt (ID = 3638)
6:33 PM: Found Spy Cookie: toplist cookie
6:33 PM: ray castro@toplist[3].txt (ID = 3557)
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: Found Spy Cookie: nextag cookie
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: ray castro@nextag[1].txt (ID = 5014)
6:33 PM: Found Spy Cookie: sexsearch cookie
6:33 PM: ray castro@tour.splash.sexsearch[1].txt (ID = 3358)
6:33 PM: Found Spy Cookie: screensavers.com cookie
6:33 PM: ray castro@www.screensavers[1].txt (ID = 3298)
6:33 PM: Found Spy Cookie: go.com cookie
6:33 PM: ray castro@go[1].txt (ID = 2728)
6:33 PM: Found Spy Cookie: clickzs cookie
6:33 PM: ray castro@cz5.clickzs[2].txt (ID = 2413)
6:33 PM: ray castro@2o7[2].txt (ID = 1957)
6:33 PM: ray castro@i.screensavers[1].txt (ID = 3298)
6:33 PM: Found Spy Cookie: ru4 cookie
6:33 PM: ray castro@edge.ru4[2].txt (ID = 3269)
6:33 PM: Found Spy Cookie: myaffiliateprogram.com cookie
6:33 PM: ray castro@www.myaffiliateprogram[1].txt (ID = 3032)
6:33 PM: Found Spy Cookie: starware.com cookie
6:33 PM: ray castro@starware[2].txt (ID = 3441)
6:33 PM: Found Spy Cookie: servlet cookie
6:33 PM: ray castro@servlet[1].txt (ID = 3345)
6:33 PM: Found Spy Cookie: adultfriendfinder cookie
6:33 PM: ray castro@adultfriendfinder[1].txt (ID = 2165)
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: Found Spy Cookie: xren_cj cookie
6:33 PM: ray castro@xren_cj[2].txt (ID = 3723)
6:33 PM: Found Spy Cookie: advertising cookie
6:33 PM: ray castro@advertising[2].txt (ID = 2175)
6:33 PM: Found Spy Cookie: classmates cookie
6:33 PM: ray castro@classmates[1].txt (ID = 2384)
6:33 PM: Found Spy Cookie: coolsavings cookie
6:33 PM: ray castro@coolsavings[2].txt (ID = 2465)
6:33 PM: Found Spy Cookie: barelylegal cookie
6:33 PM: ray castro@c.fsx[2].txt (ID = 2286)
6:33 PM: Found Spy Cookie: gamespy cookie
6:33 PM: ray castro@gamespy[1].txt (ID = 2719)
6:33 PM: ray castro@ath.belnk[2].txt (ID = 2293)
6:33 PM: Found Spy Cookie: atwola cookie
6:33 PM: ray castro@atwola[2].txt (ID = 2255)
6:33 PM: Found Spy Cookie: burstnet cookie
6:33 PM: ray castro@burstnet[2].txt (ID = 2336)
6:33 PM: ray castro@cz7.clickzs[2].txt (ID = 2413)
6:33 PM: Found Spy Cookie: websponsors cookie
6:33 PM: ray castro@a.websponsors[2].txt (ID = 3665)
6:33 PM: Found Spy Cookie: burstbeacon cookie
6:33 PM: ray castro@www.burstbeacon[1].txt (ID = 2335)
6:33 PM: ray castro@cheats.gamespy[2].txt (ID = 2719)
6:33 PM: Found Spy Cookie: bizrate cookie
6:33 PM: ray castro@bizrate[1].txt (ID = 2308)
6:33 PM: ray castro@cz8.clickzs[1].txt (ID = 2413)
6:33 PM: Found Spy Cookie: avres cookie
6:33 PM: ray castro@avres[1].txt (ID = 2261)
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: Found Spy Cookie: ademails.com cookie
6:33 PM: ray castro@www.ademails[1].txt (ID = 2066)
6:33 PM: ray castro@cz4.clickzs[1].txt (ID = 2413)
6:33 PM: ray castro@cz6.clickzs[1].txt (ID = 2413)
6:33 PM: Found Spy Cookie: kinghost cookie
6:33 PM: ray castro@kinghost[1].txt (ID = 2903)
6:33 PM: Found Spy Cookie: yadro cookie
6:33 PM: ray castro@yadro[1].txt (ID = 3743)
6:33 PM: Found Spy Cookie: yieldmanager cookie
6:33 PM: ray castro@yieldmanager[2].txt (ID = 3749)
6:33 PM: Found Spy Cookie: outster cookie
6:33 PM: ray castro@outster[2].txt (ID = 3103)
6:33 PM: Found Spy Cookie: webpower cookie
6:33 PM: ray castro@webpower[2].txt (ID = 3660)
6:33 PM: ray castro@xren_cj[1].txt (ID = 3723)
6:33 PM: ray castro@cz3.clickzs[1].txt (ID = 2413)
6:33 PM: Found Spy Cookie: about cookie
6:33 PM: ray castro@about[1].txt (ID = 2037)
6:33 PM: Found Spy Cookie: customer cookie
6:33 PM: ray castro@customer[1].txt (ID = 2481)
6:33 PM: ray castro@tattoo.about[1].txt (ID = 2038)
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: Found Spy Cookie: spyaxe cookie
6:33 PM: ray castro@spyaxe[2].txt (ID = 6110)
6:33 PM: ray castro@dist.belnk[1].txt (ID = 2293)
6:33 PM: Found Spy Cookie: www.mature-post cookie
6:33 PM: ray castro@www.mature-post[2].txt (ID = 3703)
6:33 PM: ray castro@www.disney.go[1].txt (ID = 2729)
6:33 PM: ray castro@psc.disney.go[1].txt (ID = 2729)
6:33 PM: Found Spy Cookie: herfirstlesbiansex cookie
6:33 PM: ray castro@herfirstlesbiansex[2].txt (ID = 2771)
6:33 PM: Found Spy Cookie: adknowledge cookie
6:33 PM: ray castro@adknowledge[1].txt (ID = 2072)
6:33 PM: Found Spy Cookie: overture cookie
6:33 PM: ray castro@data4.perf.overture[1].txt (ID = 3106)
6:33 PM: ray castro@ad.yieldmanager[1].txt (ID = 3751)
6:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:33 PM: Starting File Sweep
6:33 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
6:33 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
6:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:34 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:36 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:37 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:38 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:39 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:42 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:43 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
 

mdc467

Thread Starter
Joined
Nov 12, 2005
Messages
11
6:45 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:46 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:47 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:48 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:49 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:50 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:52 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:55 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:58 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:59 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:00 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:01 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:02 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:03 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:04 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:05 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:06 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:07 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:08 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:09 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:10 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:11 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:12 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
12 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:13 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:14 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:15 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:16 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:17 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:18 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:22 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:23 PM: c:\program files\mediapipe (8 subtraces) (ID = -2147470120)
7:23 PM: mediapipe.ini (ID = 162695)
7:23 PM: agent.dll (ID = 162691)
7:23 PM: p2pinst.exe (ID = 162698)
7:23 PM: p2pl.exe (ID = 162699)
7:23 PM: api.exe (ID = 163130)
7:23 PM: altpayments.exe (ID = 162690)
7:23 PM: altpayments_terms.txt (ID = 87892)
7:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:24 PM: c:\my accessmedia (1 subtraces) (ID = -2147469182)
7:24 PM: altpayments.exe (ID = 162690)
7:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\ntuser.dat". The process cannot access the file because it is being used by another process
7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\ntuser.dat.log". The process cannot access the file because it is being used by another process
7:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
7:25 PM: Warning: Failed to open file "c:\documents and settings\ray castro\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
7:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:25 PM: movieland terms.lnk (ID = 201283)
7:26 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
7:27 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:27 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:27 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
7:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:28 PM: Found Adware: spyaxe
7:28 PM: a0001744.lnk (ID = 204550)
7:28 PM: Found Adware: psguard
7:28 PM: a0001762.bat (ID = 202688)
7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:28 PM: Warning: Failed to open file "c:\system volume information\_restore{4ba726e4-4cc0-4162-84fb-b6fc9d56eab9}\rp24\a0002793.exe". Access is denied
7:28 PM: Warning: Failed to open file "c:\system volume information\_restore{4ba726e4-4cc0-4162-84fb-b6fc9d56eab9}\rp24\a0002802.exe". Access is denied
7:28 PM: Warning: Failed to open file "c:\system volume information\_restore{4ba726e4-4cc0-4162-84fb-b6fc9d56eab9}\rp24\a0002804.exe". Access is denied
7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:28 PM: a0001778.exe (ID = 217946)
7:28 PM: Found Adware: spyaxe fakealert
7:28 PM: a0002798.dll (ID = 216)
7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:28 PM: Warning: Unhandled Archive Type
7:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:29 PM: Warning: Unhandled Archive Type
7:29 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:30 PM: Warning: Invalid Stream
7:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:30 PM: File Sweep Complete, Elapsed Time: 00:57:11
7:30 PM: Full Sweep has completed. Elapsed time 01:09:11
7:30 PM: Traces Found: 382
7:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:31 PM: Removal process initiated
7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:31 PM: Quarantining All Traces: psguard
7:31 PM: Quarantining All Traces: p2pnetwork
7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:31 PM: Quarantining All Traces: mediapipe
7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:31 PM: Quarantining All Traces: spyaxe fakealert
7:31 PM: Quarantining All Traces: spyaxe
7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:31 PM: Quarantining All Traces: weirdontheweb
7:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: yyep.com hijack
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: 2o7.net cookie
7:32 PM: Quarantining All Traces: about cookie
7:32 PM: Quarantining All Traces: ademails.com cookie
7:32 PM: Quarantining All Traces: adknowledge cookie
7:32 PM: Quarantining All Traces: adultfriendfinder cookie
7:32 PM: Quarantining All Traces: advertising cookie
7:32 PM: Quarantining All Traces: ask cookie
7:32 PM: Quarantining All Traces: atwola cookie
7:32 PM: Quarantining All Traces: avres cookie
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: barelylegal cookie
7:32 PM: Quarantining All Traces: belnk cookie
7:32 PM: Quarantining All Traces: bizrate cookie
7:32 PM: Quarantining All Traces: burstbeacon cookie
7:32 PM: Quarantining All Traces: burstnet cookie
7:32 PM: Quarantining All Traces: ccbill cookie
7:32 PM: Quarantining All Traces: classmates cookie
7:32 PM: Quarantining All Traces: clickzs cookie
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: coolsavings cookie
7:32 PM: Quarantining All Traces: customer cookie
7:32 PM: Quarantining All Traces: gamespy cookie
7:32 PM: Quarantining All Traces: go.com cookie
7:32 PM: Quarantining All Traces: herfirstlesbiansex cookie
7:32 PM: Quarantining All Traces: ic-live cookie
7:32 PM: Quarantining All Traces: kinghost cookie
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: mashka cookie
7:32 PM: Quarantining All Traces: myaffiliateprogram.com cookie
7:32 PM: Quarantining All Traces: nextag cookie
7:32 PM: Quarantining All Traces: outster cookie
7:32 PM: Quarantining All Traces: overture cookie
7:32 PM: Quarantining All Traces: ru4 cookie
7:32 PM: Quarantining All Traces: screensavers.com cookie
7:32 PM: Quarantining All Traces: servlet cookie
7:32 PM: Quarantining All Traces: sexsearch cookie
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: spyaxe cookie
7:32 PM: Quarantining All Traces: starware.com cookie
7:32 PM: Quarantining All Traces: statcounter cookie
7:32 PM: Quarantining All Traces: toplist cookie
7:32 PM: Quarantining All Traces: videodome cookie
7:32 PM: Quarantining All Traces: webpower cookie
7:32 PM: Quarantining All Traces: websponsors cookie
7:32 PM: Quarantining All Traces: www.mature-post cookie
7:32 PM: Quarantining All Traces: xren_cj cookie
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Quarantining All Traces: yadro cookie
7:32 PM: Quarantining All Traces: yieldmanager cookie
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:32 PM: Removal process completed. Elapsed time 00:00:55
7:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:34 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:36 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:37 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:38 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:39 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:42 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:43 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:45 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:46 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:47 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:48 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:49 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:50 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:52 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:55 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
7:58 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
********
6:17 PM: | Start of Session, Wednesday, January 04, 2006 |
6:17 PM: Spy Sweeper started
6:17 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:17 PM: Your spyware definitions have been updated.
6:17 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:18 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
6:21 PM: | End of Session, Wednesday, January 04, 2006 |
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That looks fine now

have all the problems stopped

if so then

Turn off system restore by following instructions here
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

and pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top