
Solved: SpySheriff, Weather.exe and Winpatrol problems

Discussion in 'Virus & Other Malware Removal' started by atcdav, Aug 5, 2006.

  1. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    Every time I log in, I get an alert from WinPatrol for SpySheriff and Daily Weather Forecast, to which I click "No" to not load. In the info it says local file not found. I cannot find these programs anywhere on my computer. I have tried Spy Sweeper, ewido, AVG, Panda ActiveScan, BitDefender, Stinger, Dr. Web, SmitfraudFix, Ad-Aware, Spybot; none can find it. I used regsearch and the only instances are tied to WinPatrol. I tried to fix the registry (fix.reg) to remove these but they come back.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:03:31 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dave\Desktop\Spyware tools\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P56 "Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE" /O16 "\\KATIE\AutoEPSO" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129862909477
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2918.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please run SpySweeper and post the log back here.
     
  3. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    10:47 PM: None
    10:47 PM: Traces Found: 0
    10:47 PM: Full Sweep has completed. Elapsed time 00:29:41
    10:47 PM: File Sweep Complete, Elapsed Time: 00:27:24
    10:41 PM: IE Security Shield: found: C:\PROGRAM FILES\YAHOO!\YPSR\YPSR.EXE -- IE Security modification allowed at user request
    10:40 PM: Warning: Stream read error
    10:36 PM: Warning: Failed to open file "c:\documents and settings\dave\cookies\[email protected][2].txt". The operation completed successfully
    10:19 PM: Starting File Sweep
    10:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    10:19 PM: Starting Cookie Sweep
    10:19 PM: Registry Sweep Complete, Elapsed Time:00:00:18
    10:19 PM: Starting Registry Sweep
    10:19 PM: Memory Sweep Complete, Elapsed Time: 00:01:50
    10:17 PM: Starting Memory Sweep
    10:17 PM: Sweep initiated using definitions version 734
    10:17 PM: Spy Sweeper 5.0.5.1286 started
    10:17 PM: | Start of Session, Sunday, August 06, 2006 |
    ********
    10:17 PM: | End of Session, Sunday, August 06, 2006 |
    10:17 PM: Spy Sweeper 5.0.5.1286 started
    10:17 PM: | Start of Session, Sunday, August 06, 2006 |
    ********

    I have another session log, but it covers 4-5 months; it shows instances of spysheriff and weather.exe but it is very, very long.

    Thank you
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    It would help if you could post the portion that shows spysheriff and weather so I will know the location(s).
     
  5. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    This is a portion of the log from July 30. After Spy Sweeper is a portion of the WinPatrol log where the computer was booted without WinPatrol active and then WinPatrol was started after login. Lastly is the "view history" of WinPatrol.

    ********
    11:19 PM: | End of Session, Monday, July 31, 2006 |
    11:19 PM: Your spyware definitions have been updated.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: On
    11:19 PM: Shield States
    11:18 PM: Spyware Definitions: 729
    11:18 PM: Spy Sweeper 5.0.5.1286 started
    10:45 PM: Warning: A required privilege is not held by the client
    10:45 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    10:45 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    10:45 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    10:45 PM: Warning: The handle is invalid
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: On
    10:45 PM: Shield States
    10:45 PM: Spyware Definitions: 729
    10:45 PM: Spy Sweeper 5.0.5.1286 started
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: On
    2:53 PM: Shield States
    2:53 PM: Spyware Definitions: 729
    2:53 PM: Spy Sweeper 5.0.5.1286 started
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\CLEANUP!\CLEANUP.EXE
    2:52 PM: Tamper Detection
    2:50 PM: Warning: A required privilege is not held by the client
    2:50 PM: Warning: A required privilege is not held by the client
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    2:50 PM: Warning: The handle is invalid
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: On
    2:50 PM: Shield States
    2:50 PM: Spyware Definitions: 729
    2:49 PM: Spy Sweeper 5.0.5.1286 started
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    11:00 AM: Tamper Detection
    9:22 AM: Warning: A required privilege is not held by the client
    9:22 AM: Warning: TIdentifyCookieObj.GetCookiePaths(): Unable to map user: S-1-5-21-1229272821-57989841-1417001333-1005
    9:22 AM: Warning: Access is denied
    9:22 AM: Warning: A required privilege is not held by the client
    9:22 AM: Warning: Access is denied
    9:22 AM: Warning: A required privilege is not held by the client
    9:22 AM: Warning: Access is denied
    9:22 AM: Warning: Access is denied
    9:22 AM: Warning: Access is denied
    9:22 AM: Warning: Access is denied
    9:22 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST7C.tmp". Reason: The process cannot access the file because it is being used by another process
    9:22 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST7C.tmp.log". Reason: The process cannot access the file because it is being used by another process
    9:22 AM: Warning: S-1-5-21-1229272821-57989841-1417001333-1005 could not be unmapped. Error Code 5
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: On
    9:21 AM: Shield States
    9:21 AM: Spyware Definitions: 729
    9:20 AM: Spy Sweeper 5.0.5.1286 started
    8:51 AM: Your definitions are up to date.
    8:51 AM: Automated check for program update in progress.
    8:43 AM: Warning: A required privilege is not held by the client
    8:43 AM: Warning: TIdentifyCookieObj.GetCookiePaths(): Unable to map user: S-1-5-21-1229272821-57989841-1417001333-1005
    8:43 AM: Warning: Access is denied
    8:43 AM: Warning: A required privilege is not held by the client
    8:43 AM: Warning: Access is denied
    8:43 AM: Warning: Access is denied
    8:43 AM: Warning: Access is denied
    8:43 AM: Warning: Access is denied
    8:43 AM: Warning: Access is denied
    8:43 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST37F7.tmp". Reason: The process cannot access the file because it is being used by another process
    8:43 AM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST37F7.tmp.log". Reason: The process cannot access the file because it is being used by another process
    8:43 AM: Warning: S-1-5-21-1229272821-57989841-1417001333-1005 could not be unmapped. Error Code 5
    11:10 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:09 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:08 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:08 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:08 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:07 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:07 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:06 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    11:06 PM: IE Tracking Cookies Shield: Removed tacoda cookie
    9:15 AM: Deletion from quarantine completed. Elapsed time 00:00:00
    9:15 AM: Processing: spysheriff
    9:15 AM: Processing: trojan-downloader-daily-weather
    9:15 AM: Deletion from quarantine initiated
    9:14 AM: Removal process completed. Elapsed time 00:00:07
    9:14 AM: Quarantining All Traces: spysheriff
    9:14 AM: Quarantining All Traces: trojan-downloader-daily-weather
    9:14 AM: Removal process initiated
    9:14 AM: Traces Found: 3
    9:14 AM: Full Sweep has completed. Elapsed time 00:23:07
    9:14 AM: File Sweep Complete, Elapsed Time: 00:19:53
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\6zz7akfz\caqnsdqn.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\6cdij4l8\background[1].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\s1mr4d6j\not[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\c96nkh2b\al[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\s1mr4d6j\caoduj61.htm". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\98gntps5\al[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\dl8gms7x\al[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\6cdij4l8\al[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\oxiwzsk0\al[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\s1mr4d6j\get[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\shizcli3\cae7mbeh.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\shizcli3\06_50x10[1].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\98gntps5\ratings_consumer[2]". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\98gntps5\;page=franchise;sz=280x75;ord=1154137903998[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\dl8gms7x\95_50x10[1].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\6cdij4l8\ntpagetag[7].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\oxiwzsk0\cambwpqd.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\c96nkh2b\caaf2bi5.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\shizcli3\ntpagetag[3].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\oxiwzsk0\ntpagetag[6].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\6zz7akfz\rtm[1]". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\oxiwzsk0\b[1].gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\shizcli3\options[3]". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\oxiwzsk0\ca7i9c17.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\dl8gms7x\;page=franchise;sz=280x75;ord=1154137884812[1].html". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\oxiwzsk0\camx9toy.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\dl8gms7x\ca6rwb7g.gif". The operation completed successfully
    9:11 AM: Warning: Failed to open file "c:\documents and settings\dave\local settings\temporary internet files\content.ie5\6zz7akfz\caafw1iz.gif". The operation completed successfully
    8:54 AM: Starting File Sweep
    8:54 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    8:54 AM: Starting Cookie Sweep
    8:54 AM: Registry Sweep Complete, Elapsed Time:00:00:19
    8:54 AM: HKU\S-1-5-21-1229272821-57989841-1417001333-1003\software\microsoft\windows\currentversion\run\ || spysheriff (ID = 142123)
    8:54 AM: Found Adware: spysheriff
    8:54 AM: HKLM\software\microsoft\windows\currentversion\run\ || daily weather forecast (ID = 726437)
    8:54 AM: Starting Registry Sweep
    8:54 AM: Memory Sweep Complete, Elapsed Time: 00:02:47
    8:51 AM: Starting Memory Sweep
    8:51 AM: HKLM\software\microsoft\windows\currentversion\run\ || daily weather forecast (ID = 1167456)
    8:51 AM: Found Trojan Horse: trojan-downloader-daily-weather
    8:51 AM: Sweep initiated using definitions version 729
    8:51 AM: Spy Sweeper 5.0.5.1286 started
    8:51 AM: | Start of Session, Sunday, July 30, 2006 |



    ********



    WINPATROL


    Daily Weather Forecast
    weather.exe
    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Path: C:\Program Files\Daily Weather Forecast\weather.exe
    First Detected by WinPatrol: 08/03/2006 7:57 AM
    Click for Plus Info


    SpySheriff
    SpySheriff.exe
    Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Path: C:\Program Files\SpySheriff\SpySheriff.exe
    First Detected by WinPatrol: 08/03/2006 7:57 AM
    Click for Plus Info


    WINPATROL VIEW HISTORY

    01/22/2006 10:13 AM IEHELPER_Alert TYPE_BHO
    01/22/2006 11:30 AM IEHELPER_Remove TYPE_BHO ice Pack 2 SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    01/23/2006 7:28 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    01/23/2006 7:35 PM IEHELPER_Alert TYPE_BHO EPSON Web-To-Page C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL EPSON Web-To-Page
    01/24/2006 6:51 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    01/24/2006 6:51 PM IEHELPER_Alert TYPE_BHO EPSON Web-To-Page C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL EPSON Web-To-Page
    01/24/2006 6:57 PM SERVICE_Stop SERVICE_EXE Office Source Engine C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    01/24/2006 6:57 PM SERVICE_Disabled SERVICE_EXE Office Source Engine C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    02/22/2006 12:44 PM SERVICE__from_Disabled SERVICE_EXE Lexar JD31 LxrJD31s.exe
    02/22/2006 12:44 PM SERVICE_Stop SERVICE_EXE Lexar JD31 LxrJD31s.exe
    02/22/2006 12:44 PM SERVICE_Disabled SERVICE_EXE Lexar JD31 LxrJD31s.exe
    03/09/2006 4:02 PM START_Alert CURRENT_RUN Adobe Update Manager C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\ADOBEUPDATEMANAGER.EXE Adobe Update Manager
    03/09/2006 5:44 PM START_Alert GROUP_STARTUP Adobe Acrobat C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE Adobe Acrobat SpeedLauncher
    03/09/2006 9:02 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    03/10/2006 6:14 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    03/10/2006 6:14 PM START_Alert GROUP_STARTUP Adobe Acrobat C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE Adobe Acrobat SpeedLauncher
    03/10/2006 6:14 PM TASK_Kill INFO_TASK Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    03/10/2006 6:14 PM *START_Remove GROUP_STARTUP Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    03/24/2006 4:48 PM START_Alert MACHINE_RUN Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE Java(TM) 2 Platform Standard Edition binary
    03/24/2006 4:48 PM IEHELPER_Alert TYPE_BHO Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL Java(TM) 2 Platform Standard Edition binary
    03/24/2006 4:53 PM START_Alert GROUP_STARTUP C:\PROGRAM FILES\OPENOFFICE.ORG 2.0\PROGRAM\QUICKSTART.EXE
    03/24/2006 4:53 PM *START_Remove GROUP_STARTUP quickstart C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe C:\Documents and Settings\Dave\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
    03/25/2006 1:19 AM TASK_Kill INFO_TASK SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    03/25/2006 9:24 AM START_Alert MACHINE_RUN Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE Java(TM) 2 Platform Standard Edition binary
    03/25/2006 9:24 AM IEHELPER_Alert TYPE_BHO Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL Java(TM) 2 Platform Standard Edition binary
    03/26/2006 12:35 AM START_Alert CURRENT_RUN Spyware Doctor C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE Spyware Doctor
    03/26/2006 12:35 AM IEHELPER_Alert TYPE_BHO Spyware Doctor C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IESDSG.DLL Site Guard
    04/02/2006 9:23 AM IEHELPER_Alert TYPE_BHO
    04/04/2006 6:33 AM IEHELPER_Alert TYPE_BHO
    04/04/2006 6:39 AM IEHELPER_Remove TYPE_BHO ice Pack 2 SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    04/04/2006 6:30 PM START_Alert MACHINE_RUN ATI Desktop Component C:\WINDOWS\system32\ATIPTAXX.EXE ATI Desktop Control Panel
    04/06/2006 4:12 PM START_Alert MACHINE_RUN ATI Desktop Component C:\WINDOWS\system32\ATIPTAXX.EXE ATI Desktop Control Panel
    04/06/2006 4:12 PM *START_Remove MACHINE_RUN AtiPTA atiptaxx.exe
    04/22/2006 5:35 PM START_Alert MACHINE_RUN RealPlayer (32-bit) C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE RealNetworks Scheduler
    04/22/2006 5:37 PM START_Alert MACHINE_RUN RealPlayer (32-bit) C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE RealNetworks Scheduler
    04/25/2006 9:46 AM START_Alert MACHINE_RUN RealPlayer (32-bit) C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE RealNetworks Scheduler
    06/17/2006 11:58 AM START_Alert CURRENT_RUN Adobe Update Manager C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\ADOBEUPDATEMANAGER.EXE Adobe Update Manager
    06/23/2006 8:51 AM START_Alert GROUP_STARTUP Adobe Acrobat C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE Adobe Acrobat SpeedLauncher
    07/12/2006 8:31 PM START_Alert MACHINE_RUN Spy Sweeper C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE Spy Sweeper Client Executable
    07/12/2006 10:24 PM START_Alert MACHINE_RUN Spy Sweeper C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE Spy Sweeper Client Executable
    07/12/2006 10:24 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    07/12/2006 10:24 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/12/2006 10:24 PM START_Alert CURRENT_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE EPSON Status Monitor 3
    07/12/2006 10:24 PM START_Alert CURRENT_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE EPSON Status Monitor 3
    07/12/2006 10:24 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    07/12/2006 10:24 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/21/2006 12:07 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
    07/21/2006 12:07 PM *START_Remove MACHINE_RUN QuickTime Task C:\Program Files\QuickTime\qttask.exe -atboottime
    07/21/2006 12:09 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
    07/21/2006 12:09 PM *START_Remove MACHINE_RUN QuickTime Task C:\Program Files\QuickTime\qttask.exe -atboottime
    07/31/2006 2:50 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 2:50 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/31/2006 2:53 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 2:53 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/31/2006 10:47 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    07/31/2006 10:47 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 10:47 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    07/31/2006 10:47 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/31/2006 11:19 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    07/31/2006 11:19 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 11:19 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    07/31/2006 11:19 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 2:00 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/01/2006 2:01 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 2:01 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/01/2006 2:02 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 3:30 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 3:30 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 6:27 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/01/2006 6:28 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 6:28 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/01/2006 6:28 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 6:35 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/01/2006 6:35 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 6:35 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/01/2006 6:35 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 11:50 PM START_Alert MACHINE_RUN ewido anti-spyware C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE ewido anti-spyware
    08/02/2006 9:06 AM START_Alert MACHINE_RUN ewido anti-spyware C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE ewido anti-spyware
    08/02/2006 10:00 AM *START_Remove CURRENT_RUN Auto EPSON Stylus CX4600 Series on COMPUTER2 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P44 Auto EPSON Stylus CX4600 Series on COMPUTER2 /M Stylus CX4600 /EF HKCU
    08/02/2006 10:00 AM *START_Remove CURRENT_RUN EPSON Stylus CX4600 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 EPSON Stylus CX4600 Series /M Stylus CX4600 /EF HKCU
    08/02/2006 10:00 AM *START_Remove CURRENT_RUN msnmsgr C:\Program Files\MSN Messenger\msnmsgr.exe /background
    08/02/2006 10:03 AM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/02/2006 10:03 AM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/02/2006 10:03 AM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/02/2006 10:03 AM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/02/2006 4:05 PM SERVICE__from_Disabled SERVICE_EXE ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe
    08/02/2006 4:05 PM SERVICE_Stop SERVICE_EXE ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe
    08/02/2006 4:05 PM SERVICE_Disabled SERVICE_EXE ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe
    08/02/2006 6:02 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/02/2006 6:02 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/02/2006 6:02 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/02/2006 6:02 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/02/2006 7:26 PM TASK_Kill INFO_TASK WinPatrol C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    08/02/2006 7:26 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/02/2006 7:27 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 7:58 AM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 7:59 AM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 8:51 AM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 8:51 AM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 6:49 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/03/2006 6:49 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 6:49 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/03/2006 6:49 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 6:51 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 7:48 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 7:48 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 10:00 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/03/2006 10:00 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 10:00 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/03/2006 10:01 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/05/2006 10:15 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
     
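The history above shows the same two entries (weather.exe in the machine Run location, SpySheriff.exe in the current-user Run location) being alerted and removed again and again, which is what a re-created auto-start looks like in a WinPatrol log. The script below is an added example, not WinPatrol's code and not part of the thread: it parses history lines in the format posted above, pairs alerts with removals per location and executable (alert lines use upper-case paths and removal lines mixed case, so names are normalised), and reports entries that come back after removal; the sample log is an excerpt of the lines posted above.

```python
"""Find auto-start entries that WinPatrol keeps removing and re-alerting on.

Added example (not WinPatrol's code and not from the thread). It reads
WinPatrol history lines of the shape posted in the thread:

    MM/DD/YYYY H:MM AM ACTION LOCATION [name] [path] [description]

and reports, per (location, executable), how often a START_Alert follows a
*START_Remove for the same entry. An entry that comes back after each
removal is being re-created by something still active on the machine.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# Excerpt of the WinPatrol history posted in the thread (a subset, not the whole log).
SAMPLE_LOG = r"""
07/12/2006 8:31 PM START_Alert MACHINE_RUN Spy Sweeper C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE Spy Sweeper Client Executable
07/12/2006 10:24 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
07/12/2006 10:24 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
07/12/2006 10:24 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
07/12/2006 10:24 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
07/21/2006 12:07 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
07/21/2006 12:07 PM *START_Remove MACHINE_RUN QuickTime Task C:\Program Files\QuickTime\qttask.exe -atboottime
07/31/2006 10:47 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
07/31/2006 10:47 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
07/31/2006 10:47 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
07/31/2006 10:47 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
08/01/2006 2:00 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
08/01/2006 2:01 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
08/01/2006 2:01 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
08/01/2006 2:02 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
08/05/2006 10:15 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
"""

# date, time, action token, location token, then free text (name / path / description)
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<action>\S+) (?P<location>\S+)(?: (?P<rest>.*))?$"
)
# First drive-letter path ending in an executable-ish extension; paths may contain spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|lnk|cmd|bat)(?=\s|$)", re.IGNORECASE)
# Fallback for entries that carry only a bare file name (e.g. "AtiPTA atiptaxx.exe").
FILE_RE = re.compile(r"(\S+\.(?:exe|dll|lnk|cmd|bat))\b", re.IGNORECASE)


class Event(NamedTuple):
    when: datetime
    action: str      # START_Alert, *START_Remove, SERVICE_Stop, ...
    location: str    # MACHINE_RUN, CURRENT_RUN, GROUP_STARTUP, ...
    target: str      # lower-cased executable name, "" if none was found


class Finding(NamedTuple):
    location: str
    target: str
    removals: int
    resurrections: int                 # alerts seen after a removal (at most one per removal)
    shortest_gap: Optional[timedelta]  # quickest removal -> re-alert interval


def parse_line(line: str) -> Optional[Event]:
    """Parse one WinPatrol history line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M %p")
    rest = m["rest"] or ""
    path = PATH_RE.search(rest)
    if path:
        target = path.group(0).rsplit("\\", 1)[-1].lower()   # basename only
    else:
        bare = FILE_RE.search(rest)
        target = bare.group(1).lower() if bare else ""
    return Event(when, m["action"], m["location"], target)


def find_resurrected_entries(lines: Iterable[str], min_resurrections: int = 1) -> List[Finding]:
    """Report entries that WinPatrol alerted on again after it had removed them."""
    # Stable sort keeps alert-before-remove order for events logged in the same minute.
    events = sorted((e for e in map(parse_line, lines) if e and e.target), key=lambda e: e.when)
    by_key: Dict[Tuple[str, str], List[Event]] = defaultdict(list)
    for e in events:
        by_key[(e.location, e.target)].append(e)

    findings: List[Finding] = []
    for (location, target), evs in by_key.items():
        removals = resurrections = 0
        last_removal: Optional[datetime] = None
        shortest: Optional[timedelta] = None
        for e in evs:
            if e.action == "*START_Remove":
                removals += 1
                last_removal = e.when
            elif e.action == "START_Alert" and last_removal is not None:
                resurrections += 1                       # entry came back after removal
                gap = e.when - last_removal
                shortest = gap if shortest is None or gap < shortest else shortest
                last_removal = None                      # count once per removal
        if resurrections >= min_resurrections:
            findings.append(Finding(location, target, removals, resurrections, shortest))
    findings.sort(key=lambda f: (-f.resurrections, -f.removals, f.target))
    return findings


def format_report(findings: List[Finding]) -> str:
    rows = ["location      removals  re-alerts  shortest gap           executable"]
    for f in findings:
        gap = "-" if f.shortest_gap is None else str(f.shortest_gap)
        rows.append(f"{f.location:<12} {f.removals:>9}  {f.resurrections:>9}  {gap:<22} {f.target}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_report(find_resurrected_entries(SAMPLE_LOG.splitlines())))
```

Entries with many re-alerts and short gaps are the ones being re-created by something still running; legitimate software that re-registers itself at startup (QuickTime in the excerpt) shows up too, so the counts are a triage aid rather than a verdict.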
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HijackThis and click Open the Misc Tools section
    Click Open Uninstall Manager, Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of the log here in your next reply.



    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  7. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    01/22/2006 10:13 AM IEHELPER_Alert TYPE_BHO
    01/22/2006 11:30 AM IEHELPER_Remove TYPE_BHO ice Pack 2 SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    01/23/2006 7:28 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    01/23/2006 7:35 PM IEHELPER_Alert TYPE_BHO EPSON Web-To-Page C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL EPSON Web-To-Page
    01/24/2006 6:51 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    01/24/2006 6:51 PM IEHELPER_Alert TYPE_BHO EPSON Web-To-Page C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL EPSON Web-To-Page
    01/24/2006 6:57 PM SERVICE_Stop SERVICE_EXE Office Source Engine C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    01/24/2006 6:57 PM SERVICE_Disabled SERVICE_EXE Office Source Engine C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    02/22/2006 12:44 PM SERVICE__from_Disabled SERVICE_EXE Lexar JD31 LxrJD31s.exe
    02/22/2006 12:44 PM SERVICE_Stop SERVICE_EXE Lexar JD31 LxrJD31s.exe
    02/22/2006 12:44 PM SERVICE_Disabled SERVICE_EXE Lexar JD31 LxrJD31s.exe
    03/09/2006 4:02 PM START_Alert CURRENT_RUN Adobe Update Manager C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\ADOBEUPDATEMANAGER.EXE Adobe Update Manager
    03/09/2006 5:44 PM START_Alert GROUP_STARTUP Adobe Acrobat C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE Adobe Acrobat SpeedLauncher
    03/09/2006 9:02 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    03/10/2006 6:14 PM START_Alert MACHINE_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIADA.EXE EPSON Status Monitor 3
    03/10/2006 6:14 PM START_Alert GROUP_STARTUP Adobe Acrobat C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE Adobe Acrobat SpeedLauncher
    03/10/2006 6:14 PM TASK_Kill INFO_TASK Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    03/10/2006 6:14 PM *START_Remove GROUP_STARTUP Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    03/24/2006 4:48 PM START_Alert MACHINE_RUN Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE Java(TM) 2 Platform Standard Edition binary
    03/24/2006 4:48 PM IEHELPER_Alert TYPE_BHO Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL Java(TM) 2 Platform Standard Edition binary
    03/24/2006 4:53 PM START_Alert GROUP_STARTUP C:\PROGRAM FILES\OPENOFFICE.ORG 2.0\PROGRAM\QUICKSTART.EXE
    03/24/2006 4:53 PM *START_Remove GROUP_STARTUP quickstart C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe C:\Documents and Settings\Dave\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
    03/25/2006 1:19 AM TASK_Kill INFO_TASK SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    03/25/2006 9:24 AM START_Alert MACHINE_RUN Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE Java(TM) 2 Platform Standard Edition binary
    03/25/2006 9:24 AM IEHELPER_Alert TYPE_BHO Java(TM) 2 Platform Standard Edition 5.0 Update 6 C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL Java(TM) 2 Platform Standard Edition binary
    03/26/2006 12:35 AM START_Alert CURRENT_RUN Spyware Doctor C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE Spyware Doctor
    03/26/2006 12:35 AM IEHELPER_Alert TYPE_BHO Spyware Doctor C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IESDSG.DLL Site Guard
    04/02/2006 9:23 AM IEHELPER_Alert TYPE_BHO
    04/04/2006 6:33 AM IEHELPER_Alert TYPE_BHO
    04/04/2006 6:39 AM IEHELPER_Remove TYPE_BHO ice Pack 2 SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    04/04/2006 6:30 PM START_Alert MACHINE_RUN ATI Desktop Component C:\WINDOWS\system32\ATIPTAXX.EXE ATI Desktop Control Panel
    04/06/2006 4:12 PM START_Alert MACHINE_RUN ATI Desktop Component C:\WINDOWS\system32\ATIPTAXX.EXE ATI Desktop Control Panel
    04/06/2006 4:12 PM *START_Remove MACHINE_RUN AtiPTA atiptaxx.exe
    04/22/2006 5:35 PM START_Alert MACHINE_RUN RealPlayer (32-bit) C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE RealNetworks Scheduler
    04/22/2006 5:37 PM START_Alert MACHINE_RUN RealPlayer (32-bit) C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE RealNetworks Scheduler
    04/25/2006 9:46 AM START_Alert MACHINE_RUN RealPlayer (32-bit) C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE RealNetworks Scheduler
    06/17/2006 11:58 AM START_Alert CURRENT_RUN Adobe Update Manager C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\ADOBEUPDATEMANAGER.EXE Adobe Update Manager
    06/23/2006 8:51 AM START_Alert GROUP_STARTUP Adobe Acrobat C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE Adobe Acrobat SpeedLauncher
    07/12/2006 8:31 PM START_Alert MACHINE_RUN Spy Sweeper C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE Spy Sweeper Client Executable
    07/12/2006 10:24 PM START_Alert MACHINE_RUN Spy Sweeper C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE Spy Sweeper Client Executable
    07/12/2006 10:24 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    07/12/2006 10:24 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/12/2006 10:24 PM START_Alert CURRENT_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE EPSON Status Monitor 3
    07/12/2006 10:24 PM START_Alert CURRENT_RUN EPSON Status Monitor 3 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9AA.EXE EPSON Status Monitor 3
    07/12/2006 10:24 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    07/12/2006 10:24 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/21/2006 12:07 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
    07/21/2006 12:07 PM *START_Remove MACHINE_RUN QuickTime Task C:\Program Files\QuickTime\qttask.exe -atboottime
    07/21/2006 12:09 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task
    07/21/2006 12:09 PM *START_Remove MACHINE_RUN QuickTime Task C:\Program Files\QuickTime\qttask.exe -atboottime
    07/31/2006 2:50 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 2:50 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/31/2006 2:53 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 2:53 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/31/2006 10:47 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    07/31/2006 10:47 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 10:47 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    07/31/2006 10:47 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    07/31/2006 11:19 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    07/31/2006 11:19 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    07/31/2006 11:19 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    07/31/2006 11:19 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 2:00 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/01/2006 2:01 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 2:01 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/01/2006 2:02 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 3:30 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 3:30 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 6:27 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/01/2006 6:28 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 6:28 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/01/2006 6:28 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 6:35 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/01/2006 6:35 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/01/2006 6:35 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/01/2006 6:35 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/01/2006 11:50 PM START_Alert MACHINE_RUN ewido anti-spyware C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE ewido anti-spyware
    08/02/2006 9:06 AM START_Alert MACHINE_RUN ewido anti-spyware C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\EWIDO.EXE ewido anti-spyware
    08/02/2006 10:00 AM *START_Remove CURRENT_RUN Auto EPSON Stylus CX4600 Series on COMPUTER2 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P44 Auto EPSON Stylus CX4600 Series on COMPUTER2 /M Stylus CX4600 /EF HKCU
    08/02/2006 10:00 AM *START_Remove CURRENT_RUN EPSON Stylus CX4600 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 EPSON Stylus CX4600 Series /M Stylus CX4600 /EF HKCU
    08/02/2006 10:00 AM *START_Remove CURRENT_RUN msnmsgr C:\Program Files\MSN Messenger\msnmsgr.exe /background
    08/02/2006 10:03 AM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/02/2006 10:03 AM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/02/2006 10:03 AM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/02/2006 10:03 AM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/02/2006 4:05 PM SERVICE__from_Disabled SERVICE_EXE ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe
    08/02/2006 4:05 PM SERVICE_Stop SERVICE_EXE ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe
    08/02/2006 4:05 PM SERVICE_Disabled SERVICE_EXE ewido anti-spyware 4.0 guard C:\Program Files\ewido anti-spyware 4.0\guard.exe
    08/02/2006 6:02 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/02/2006 6:02 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/02/2006 6:02 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/02/2006 6:02 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/02/2006 7:26 PM TASK_Kill INFO_TASK WinPatrol C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    08/02/2006 7:26 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/02/2006 7:27 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 7:58 AM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 7:59 AM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 8:51 AM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 8:51 AM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 6:49 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/03/2006 6:49 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 6:49 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/03/2006 6:49 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 6:51 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 7:48 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 7:48 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/03/2006 10:00 PM START_Alert MACHINE_RUN C:\PROGRAM FILES\DAILY WEATHER FORECAST\WEATHER.EXE
    08/03/2006 10:00 PM *START_Remove MACHINE_RUN Daily Weather Forecast C:\Program Files\Daily Weather Forecast\weather.exe
    08/03/2006 10:00 PM START_Alert CURRENT_RUN C:\PROGRAM FILES\SPYSHERIFF\SPYSHERIFF.EXE
    08/03/2006 10:01 PM *START_Remove CURRENT_RUN SpySheriff C:\Program Files\SpySheriff\SpySheriff.exe
    08/05/2006 10:15 PM START_Alert MACHINE_RUN QuickTime C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE QuickTime Task


    SmitFraudFix v2.81

    Scan done at 17:08:35.68, Mon 08/07/2006
    Run from C:\Documents and Settings\Dave\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dave\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Thank you
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HijackThis and click Open the Misc Tools section
    Click Open Uninstall Manager, Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of the log here in your next reply.
     
  9. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    3DMark03
    Ad-Aware SE Personal
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Photoshop CS
    Adobe Reader 7.0.8
    Adobe Type Manager 4.0
    Advanced Office Password Breaker (remove only)
    AirPlus G
    Allofmp3 Explorer
    Aluria LiteScanner
    ANIO Service
    ANIWZCS2 Service
    ATI Display Driver
    AVG Free Edition
    Call of Duty - United Offensive
    Call of Duty Game of the Year Edition
    Carmen Sandiego Word Detective(TM)
    CC Get MAC Address 2.1
    CleanUp!
    C-Media 3D Audio
    C-Media WDM Audio Driver
    Data Converter 2004
    DH Driver Cleaner Professional Edition
    DrawPlus 3.0
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab Decrypter 2.9.8.0
    EPSON CardMonitor
    EPSON Copy Utility 3
    EPSON CX 4200 4800 Guide
    EPSON PhotoStarter3.2
    EPSON Printer Software
    EPSON Scan
    EPSON Smart Panel
    EPSON Web-To-Page
    ewido anti-spyware 4.0
    Ghost Recon
    Google Earth
    Hauppauge WinTV2000
    Higher Score on the ACT
    HijackThis 1.99.1
    iRiver Manager
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_06
    JD Secure 3.1
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    MadOnion.com/3DMark2001 SE
    MediaPortal
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Data Access Components KB870669
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office 97, Professional Edition
    Microsoft Office Converter Pack
    Microsoft Office Standard Edition 2003
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox (1.5.0.5)
    MSN Music Assistant
    MultiRes (remove only)
    Nero 6 Demo
    Netscape (7.2)
    NTI CD & DVD-Maker Gold
    NVIDIA Audio Driver
    NVIDIA Drivers
    NVIDIA System Utility
    NVIDIA Windows 2000/XP nForce Drivers
    OpenOffice.org 2.0
    Panda ActiveScan
    ParadisePoker.net
    Photo Organizer
    PowerDVD
    PrintMaster
    Quicken 2004
    QuickTime
    Radeon Omega Drivers v2.6.12 Setup Files
    Registrar Lite 2.00
    RegistryFix v5.5
    RTLSetup
    ScanToWeb
    SD Viewer for DSC
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    SiSoftware Sandra Standard 2004 (OverclockedCafe.com Edition)
    Spy Sweeper
    Spybot - Search & Destroy 1.3
    SpywareBlaster v3.5.1
    SpywareGuard v2.2
    TurboTax Deluxe 2005
    ubi.com
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Wal-Mart Music Downloads Store
    WexTech AnswerWorks
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinPatrol
    Yahoo! Anti-Spy
    Yahoo! Toolbar
     
  10. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    Not sure what happened there, sorry
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    That's ok, no problem...

    Go to control panel, add/remove programs and remove these:
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05


    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy the entire contents of the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
     
  12. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    On reboot WinPatrol alerted to sctwrgud.bat wanting to load, to which I said yes. I don't know what that is; I just assumed it was related to Avenger. WinPatrol also alerted to weather.exe and spysheriff.exe wanting to load, to which I said no.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:54:15 PM, on 8/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dave\Desktop\Spyware tools\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P56 "Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE" /O16 "\\KATIE\AutoEPSO" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129862909477
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2918.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ojtufjjb

    *******************

    Script file located at: \??\C:\Program Files\xhhkykvj.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    Folder C:\Program Files\SpySheriff not found!
    Deletion of folder C:\Program Files\SpySheriff failed!

    Could not process line:
    C:\Program Files\SpySheriff
    Status: 0xc0000034



    Folder C:\Program Files\Daily Weather Forecast not found!
    Deletion of folder C:\Program Files\Daily Weather Forecast failed!

    Could not process line:
    C:\Program Files\Daily Weather Forecast
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.

    Thank you
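    The Avenger log above reports Status: 0xc0000034 for both folders; that NTSTATUS value is STATUS_OBJECT_NAME_NOT_FOUND, so the folders were already gone when the script ran, which is consistent with WinPatrol's "local file not found" message: what survives is a startup reference to a file that no longer exists. The script below is an added illustration, not something posted in this thread or part of HijackThis, WinPatrol or The Avenger. It parses HijackThis O4 lines, pulls out the executable each one launches, and reports entries whose target is missing, then decodes the Avenger status codes. The sample log lines and the stand-in list of existing files are constructed; the "Daily Weather Forecast" O4 line in particular is hypothetical, since the real log in this post shows no such entry.

```python
"""Triage helper for dangling autorun entries (added example, not from the thread).

A Run key or Startup shortcut that points at a deleted file cannot execute
anything, but it is a trace of an earlier infection and the reason tools such
as WinPatrol keep alerting.  This script finds such entries in HijackThis O4
lines and names the NTSTATUS codes The Avenger prints.
"""
import re

# NTSTATUS codes The Avenger prints as "Status: 0x...".  0xC0000034, the value
# in the log above, means the object (file or folder) did not exist.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Executable path inside an O4 line: either quoted, or unquoted and ending in a
# launchable extension (unquoted paths may contain spaces, so stop at the extension).
_QUOTED = re.compile(r'"([A-Za-z]:\\[^"]+)"')
_UNQUOTED = re.compile(r'([A-Za-z]:\\.+?\.(?:exe|com|bat|cmd|scr|pif|dll))', re.IGNORECASE)
# "O4 - HKLM\..\Run: [Name] ..." or "O4 - Startup: Name.lnk = ..."
_O4_NAME = re.compile(r'^O4 - (?P<where>[^:]+): (?:\[(?P<key>[^\]]+)\]|(?P<lnk>[^=]+?) =)')


def parse_o4(line):
    """Return (location, entry name, target path) for a HijackThis O4 line, else None."""
    line = line.strip()
    m = _O4_NAME.match(line)
    if not m:
        return None
    name = (m.group("key") or m.group("lnk")).strip()
    rest = line[m.end():]
    q = _QUOTED.search(rest)
    if q:
        return m.group("where"), name, q.group(1)
    u = _UNQUOTED.search(rest)
    if not u:
        return None
    return m.group("where"), name, u.group(1)


def find_dangling(lines, existing_files):
    """Return O4 entries whose target path is not in existing_files.

    existing_files is a set of full paths (compared case-insensitively); on a
    real machine you would build it with os.path.exists instead of a fixed set.
    """
    present = {p.lower() for p in existing_files}
    dangling = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        where, name, path = parsed
        if path.lower() not in present:
            dangling.append((where, name, path))
    return dangling


def decode_avenger_status(log_text):
    """Map every 'Status: 0x........' line in an Avenger log to its NTSTATUS name."""
    out = []
    for m in re.finditer(r'Status:\s*0x([0-9A-Fa-f]{8})', log_text):
        code = int(m.group(1), 16)
        out.append((code, NTSTATUS_NAMES.get(code, "unknown NTSTATUS")))
    return out


# Constructed sample: lines in the style of the HijackThis log above, plus one
# hypothetical dangling entry for the program the thread is chasing.
SAMPLE_HJT = [
    r'O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"',
    r'O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe',
    r'O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe',
    r'O4 - HKCU\..\Run: [Daily Weather Forecast] "C:\Program Files\Daily Weather Forecast\weather.exe" /silent',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll',
]

# Constructed stand-in for the filesystem: the legitimate targets exist, weather.exe does not.
SAMPLE_FILES = {
    r'C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe',
    r'C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe',
    r'C:\Program Files\SpywareGuard\sgmain.exe',
}

# Constructed excerpt in the format of the Avenger log above.
SAMPLE_AVENGER = """Folder C:\\Program Files\\SpySheriff not found!
Could not process line:
C:\\Program Files\\SpySheriff
Status: 0xc0000034
"""

if __name__ == "__main__":
    for where, name, path in find_dangling(SAMPLE_HJT, SAMPLE_FILES):
        print(f"dangling {where} entry [{name}] -> {path}")
    for code, meaning in decode_avenger_status(SAMPLE_AVENGER):
        print(f"0x{code:08X} = {meaning}")
```

    Run as-is it reports only the constructed weather.exe entry as dangling and decodes 0xC0000034. On a live system the interesting part is the reverse case: an entry WinPatrol sees but the O4 list does not show, which is why the next step in the thread broadens the search with WinPFind.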
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Reboot to safe mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot to normal mode.


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
    Also post a new Hijack This log.
     
  14. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    Here are the logs. Also, WinPatrol alerted to them again on reboot.

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...
    FSG! 3/7/2006 9:34:34 PM 160421888 C:\DVD_SHRINK.ISO

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe
    aspack 12/30/2003 4:01:02 AM 410640 C:\WINDOWS\eFaxview.exe
    PECompact2 3/25/2006 2:00:54 AM 17300115 C:\WINDOWS\LPT$VPN.285
    qoologic 3/25/2006 2:00:54 AM 17300115 C:\WINDOWS\LPT$VPN.285
    SAHAgent 3/25/2006 2:00:54 AM 17300115 C:\WINDOWS\LPT$VPN.285
    UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
    UPX! 3/25/2006 2:00:54 AM 176709 C:\WINDOWS\tsc.exe
    PECompact2 3/25/2006 2:00:54 AM 17300115 C:\WINDOWS\VPTNFILE.285
    qoologic 3/25/2006 2:00:54 AM 17300115 C:\WINDOWS\VPTNFILE.285
    SAHAgent 3/25/2006 2:00:54 AM 17300115 C:\WINDOWS\VPTNFILE.285
    UPX! 3/25/2006 2:00:54 AM 1077328 C:\WINDOWS\vsapi32.dll
    aspack 3/25/2006 2:00:54 AM 1077328 C:\WINDOWS\vsapi32.dll

    Checking %System% folder...
    PEC2 8/23/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    PEC2 2/14/1997 10:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
    aspack 7/6/2006 8:21:46 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    PEC2 11/17/1996 1:00:00 AM 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP
    qoologic 10/3/2004 10:39:40 PM 6915599 C:\WINDOWS\SYSTEM32\pav.sig
    aspack 10/3/2004 10:39:40 PM 6915599 C:\WINDOWS\SYSTEM32\pav.sig
    SAHAgent 10/3/2004 10:39:40 PM 6915599 C:\WINDOWS\SYSTEM32\pav.sig
    Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 8/23/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...
    UPX! 5/24/2006 5:00:16 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    FSG! 5/24/2006 5:00:16 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    PEC2 5/24/2006 5:00:16 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    aspack 5/24/2006 5:00:16 AM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    8/7/2006 6:35:16 PM S 2048 C:\WINDOWS\bootstat.dat
    8/5/2006 10:14:06 PM H 54156 C:\WINDOWS\QTFont.qfn
    8/7/2006 6:35:20 PM S 64 C:\WINDOWS\CSC\00000001
    8/7/2006 6:35:42 PM H 12288 C:\WINDOWS\system32\config\default.LOG
    8/7/2006 6:35:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    8/7/2006 6:35:18 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
    8/7/2006 6:36:18 PM H 114688 C:\WINDOWS\system32\config\software.LOG
    8/7/2006 6:35:42 PM H 1376256 C:\WINDOWS\system32\config\system.LOG
    7/12/2006 8:26:42 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    7/12/2006 8:30:48 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\d6367037-68b3-422a-a65a-983b48baa727
    7/12/2006 8:30:48 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
    7/1/2006 11:38:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3e33cfb2-5a15-4cdd-a7cc-5546e78e4a92
    7/1/2006 11:38:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    8/7/2006 6:34:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    FotoNation inc. 3/26/1998 3:01:34 PM 27136 C:\WINDOWS\SYSTEM32\camcpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 9/30/2004 10:17:14 AM 135168 C:\WINDOWS\SYSTEM32\DIRECTX.CPL
    11/17/1996 1:00:00 AM 22528 C:\WINDOWS\SYSTEM32\FINDFAST.CPL
    Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    InstallShield Software Corporation2/16/2005 4:15:20 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 8/26/1996 3:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
    Apple Computer, Inc. 6/3/2005 9:42:48 PM 843776 C:\WINDOWS\SYSTEM32\QuickTime.cpl
    SiSoftware 9/29/2003 7:42:58 PM 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 8/23/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
    Microsoft Corporation 9/30/2004 11:17:14 AM 135168 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\DIRECTX.CPL
    Microsoft Corporation 9/10/2003 9:45:08 AM 126976 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\DIRECTX.CPL
    Microsoft Corporation 9/10/2003 9:45:08 AM 126976 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\DIRECTX.CPL
    C-Media Corporation 3/25/2003 3:34:46 AM 929792 C:\WINDOWS\SYSTEM32\ReinstallBackups\0037\DriverFiles\cmicnfg.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    12/26/2005 11:33:28 PM 1927 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    6/17/2006 11:59:04 AM 1766 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    2/7/2004 1:03:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    2/6/2004 4:45:00 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder...
    2/7/2004 1:03:00 AM HS 84 C:\Documents and Settings\Dave\Start Menu\Programs\Startup\desktop.ini
    8/9/2004 10:15:12 PM 659 C:\Documents and Settings\Dave\Start Menu\Programs\Startup\SpywareGuard.lnk

    Checking files in %USERPROFILE%\Application Data folder...
    6/29/2005 10:09:36 AM 1069 C:\Documents and Settings\Dave\Application Data\AdobeDLM.log
    2/6/2004 4:45:00 PM HS 62 C:\Documents and Settings\Dave\Application Data\desktop.ini
    6/29/2005 10:09:36 AM 0 C:\Documents and Settings\Dave\Application Data\dm.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
    = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
    SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
    EpsonToolBandKicker Class = C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
    MenuText = Uninstall BitDefender Online Scanner v8 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
    Shell Search Band = %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    Search Band = %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    D-Link AirPlus G "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    ANIWZCS2Service "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    AVG7_CC "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    ISUSPM Startup "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    EPSON Stylus CX4800 Series "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
    Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P56 "Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE" /O16 "\\KATIE\AutoEPSO" /M "Stylus CX4800"
    WinPatrol "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    SunJavaUpdateSched "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^Microsoft Find Fast.lnk
    path C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup
    location Startup
    command C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE
    item Microsoft Find Fast
    path C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup
    location Startup
    command C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE
    item Microsoft Find Fast

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^Office Startup.lnk
    path C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Office Startup.lnk
    backup C:\WINDOWS\pss\Office Startup.lnkStartup
    location Startup
    command C:\PROGRA~1\MICROS~2\Office\OSA.EXE -b
    item Office Startup
    path C:\Documents and Settings\Dave\Start Menu\Programs\Startup\Office Startup.lnk
    backup C:\WINDOWS\pss\Office Startup.lnkStartup
    location Startup
    command C:\PROGRA~1\MICROS~2\Office\OSA.EXE -b
    item Office Startup

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item aim
    hkey HKCU
    command C:\Program Files\AIM\aim.exe -cnetwait.odl
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\asustweakenable
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ATweak
    hkey HKCU
    command C:\Program Files\ASUS\Tweaking Utilities\ATweak.exe /start
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command C:\Program Files\iTunes\iTunesHelper.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\WINDOWS\System32\\NeroCheck.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item PDVDServ
    hkey HKLM
    command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1
    DisableTaskMgr 0


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    NoCloseDragDropBands 0
    NoMovingBands 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableRegistryTools 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 8/7/2006 6:42:30 PM
     
  15. atcdav

    atcdav Thread Starter

    Joined:
    Sep 24, 2005
    Messages:
    78
    HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 6:46:57 PM, on 8/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dave\Desktop\Spyware tools\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P56 "Auto Auto EPSON Stylus CX4800 Series on SCHMIED on KATIE" /O16 "\\KATIE\AutoEPSO" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129862909477
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2918.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
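The two O4 lines in the log above, [Daily Weather Forecast] under HKLM\..\Run and [SpySheriff] under HKCU\..\Run, point at executables the poster reports as not present on disk, and HijackThis does not annotate O4 entries with a file check in this log. The script below is an added example, not part of the original thread or of HijackThis: it parses O4 lines (both the Run-key form and the Startup-folder form), pulls the executable out of each command line, and lists the entries whose image is missing, i.e. orphaned autorun values that run nothing today but still occupy a persistence slot that the unknown dropper keeps rewriting. The sample lines are copied from the posted log; the set of files treated as present is constructed for the demo, and on a live host you would pass `os.path.exists` as the `exists` predicate instead.

```python
"""Flag HijackThis O4 autorun entries whose target executable is missing.

Added example; not part of the original thread. SAMPLE_LOG is copied from
the posted HijackThis log, PRESENT is a constructed stand-in for the
filesystem. On a real host call orphaned_autoruns(lines) with the default
os.path.exists predicate.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Registry-backed O4 lines look like:  O4 - HKLM\..\Run: [Name] command
REG_O4 = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Startup-folder O4 lines look like:   O4 - Startup: Name.lnk = command
DIR_O4 = re.compile(
    r'^O4 - (?P<folder>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$')

# HijackThis abbreviates the two hives it reports; expand them for the operator.
HIVES = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion",
}


@dataclass
class Autorun:
    location: str   # full registry key, or the startup folder name
    name: str       # value name, or the .lnk name for folder items
    image: str      # executable the command line points at


def image_path(cmd: str) -> str:
    """Pull the executable out of a Run-value command line.

    Quoted paths end at the closing quote; unquoted paths containing spaces
    (e.g. C:\\Program Files\\Daily Weather Forecast\\weather.exe) are cut at
    the first ".exe" followed by whitespace or end of line.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?P<exe>.+?\.exe)(\s|$)', cmd, re.IGNORECASE)
    return m.group('exe') if m else cmd.split(' ', 1)[0]


def parse_o4(lines: Iterable[str]) -> List[Autorun]:
    """Turn every O4 line into an Autorun record; other HJT sections are skipped."""
    found: List[Autorun] = []
    for line in lines:
        line = line.strip()
        m = REG_O4.match(line)
        if m:
            key = HIVES[m.group('hive')] + '\\' + m.group('key')
            found.append(Autorun(key, m.group('name'), image_path(m.group('cmd'))))
            continue
        m = DIR_O4.match(line)
        if m:
            found.append(Autorun(m.group('folder'), m.group('name'),
                                 image_path(m.group('cmd'))))
    return found


def orphaned_autoruns(lines: Iterable[str],
                      exists: Callable[[str], bool] = os.path.exists) -> List[Autorun]:
    """Autoruns whose image is absent: nothing runs, but the value is still a persistence slot."""
    return [a for a in parse_o4(lines) if not exists(a.image)]


# Sample input: lines copied verbatim from the posted log (post 15 above).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
""".strip().splitlines()

# Constructed for the demo: the images that are "on disk". The poster reported
# the SpySheriff and weather.exe files as not found, so they are left out.
PRESENT = {
    r"C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe",
    r"C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe",
    r"C:\Program Files\SpywareGuard\sgmain.exe",
}


def demo() -> List[Autorun]:
    """Run the check against the sample log with the constructed filesystem."""
    return orphaned_autoruns(SAMPLE_LOG, exists=lambda p: p in PRESENT)


if __name__ == "__main__":
    for a in demo():
        print(f"orphaned autorun: {a.location}  [{a.name}] -> {a.image}")
```

The output names the exact hive, key and value to remove (or to tick in HijackThis and "Fix checked"), which is more useful than the `(file missing)` marker HijackThis prints only for some other sections. Two caveats a practitioner should keep in mind: an orphaned value that reappears after deletion means something else on the box is rewriting it, so removing the value alone is not a fix; and the MSConfig\startupreg and MSConfig\startupfolder keys in the WinPFind log above are where msconfig keeps copies of startup items a user has disabled, which is why entries like AIM and iTunesHelper show up there without being active Run values.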
     

Short URL to this thread: https://techguy.org/489765
