1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

spyaxe

Discussion in 'Virus & Other Malware Removal' started by recordmoth, Jan 2, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. recordmoth

    recordmoth Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    hi
    I Just got spyaxe today. I don't really know much about getting rid of these kind of things- I've downloaded spybot and other things today and cleaned up a lot but I can't make this go away.

    I've just found this website so I thought I'd see if someone could help...

    A virus alert keeps coming at the bottom of the screen when I click on it takes me to a site and tries to get me to download the software. Even though I don't download, the spyaxe software seems to keep appearing on my desk top. Also when I start IE it loads up systemwarning.com - whatever I change my homepage to I can't get on to that site and i'm taken to systemwarning.com instead where it tries to get me to download software.

    Also I just noticed when searching google for info on spyaxe that a few sites wouldn't open and I get a message at the top of the screen saying an adware won't allow me to open the site and I need to download spy trooper... Is this something to do with spyaxe too?


    I've just been reading another thread and I followed the instuctions to downlaod Hijack this. I've done the scan and copied it from notepad. Here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 04:50:31, on 02/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\DVDRAMSV.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Money\System\Money Express.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\AOL 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\twain_32\CANON\FB310\Scaner32.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vvv.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bobdylan.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personal.leeds.ac.uk/~phy0gjw
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp7AF7.tmp
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\tiyl.exe
    O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [uereyv] C:\WINDOWS\system32\qrlyzw.exe r
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: CanoScan FB310 Utilities.lnk = C:\WINDOWS\twain_32\CANON\FB310\Scaner32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136121392203
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


    I'd really appreciate it if someone could help :) I've been messing round with it all day and it's a bit annoying. The virus alert has been popping up at the bottom right of the screen all day making an annoying noise. I just did another spybot scan and it seems to have stopped doing that for the moment... IE homepage still takes me to systemwarning.com tho. IE seems to jerk as I start it up, i'm not sure what that means or if it's a sign of anything?

    Thanks ...
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Please save or print these instructions before beginning
    • Save smitRem to your Desktop and run smitRem.exe
    • Download and install Ewido Security Suite
    • During the installation, uncheck the following under Additional Options:

      Install background guard
      Install scan via context menu
    • Run Ewido and click OK when prompted to update the program
    • On the left side of the screen, click update>>Start
    • When the update is finished, exit Ewido
    • Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts
    • Run Ewido Security Suite
    • Click scanner>>Complete System Scan
    • Click OK when prompted to clean the problems found
    • When the scan is finished, click Save Report and save a copy of this log to your Desktop
    • Exit Ewido
    • Go to Start>>Control Panel>>Internet Options>>Programs
    • Click Reset Web Settings>>Apply>>OK
    • Go to Start>>Control Panel>>Display>>Desktop
    • Click Customize Desktop>>Web
    • If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK
    • Restart your computer
    • Post the contents of C:\smitfiles.txt
    • Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier
    • Run HijackThis and click Do a system scan and save a log file
    • Your HijackThis log will open in Notepad. Post the contents of the log here
     
  3. recordmoth

    recordmoth Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Thanks for the quick response... (y) I'll get on with that and get back to you.
     
  4. recordmoth

    recordmoth Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    All done.

    Here are results of kaspersky online scanner:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, January 02, 2006 11:40:27
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 2/01/2006
    Kaspersky Anti-Virus database records: 158387
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 79031
    Number of viruses found: 14
    Number of infected objects: 135
    Number of suspicious objects: 0
    Duration of the scan process: 3131 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\g\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3ee65730-7914ebee.class Infected: Trojan-Downloader.Java.OpenStream.y
    C:\Documents and Settings\g\Local Settings\Temporary Internet Files\Content.IE5\QP47OV4H\l[1].exe Infected: Trojan-Downloader.Win32.Zlob.dq
    C:\Program Files\Microsoft AntiSpyware\Quarantine\0904E721-7F6B-4BA6-BADA-B6EA4D\259FC1D5-8437-4C4A-863C-DF81E4 Infected: Trojan.Win32.Agent.db
    C:\Program Files\Microsoft AntiSpyware\Quarantine\87B823A6-FEE1-4301-8A9E-50F8F3\CA2041EE-96E0-432C-897A-1BAE02 Infected: Trojan.Win32.Agent.kp
    C:\Program Files\Microsoft AntiSpyware\Quarantine\87C8CDDD-2C25-4B4E-8C35-EE4C0B\7D519116-9702-40ED-A3A6-81DE07 Infected: Trojan.Win32.Agent.ic
    C:\Program Files\Microsoft AntiSpyware\Quarantine\A8FF08AA-273C-4DD0-B8FA-BEA0C4\82CA1C94-26BF-458C-9814-340C4D Infected: Trojan.Win32.Agent.ic
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B8F4B905-D8D0-47AB-8157-52B99E\005E5226-BC7C-4217-A62E-90DDB1 Infected: Trojan.Win32.Agent.ic
    C:\Program Files\Microsoft AntiSpyware\Quarantine\BCED4CD5-A0B9-43ED-A8BF-4DBDE0\DE3B8C1A-0D0A-4C17-B3C7-F7C5CF Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP132\A0048925.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP136\A0049926.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP136\A0050926.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP137\A0051926.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP137\A0052926.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP137\A0053925.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP139\A0054925.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP139\A0055925.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP141\A0055950.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0055979.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0055983.dll Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0056951.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0056952.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0057952.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0058017.dll Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP142\A0058026.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0058104.exe Infected: Trojan.Win32.Pakes
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0058147.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0058148.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0059124.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0059166.dll Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0059169.exe Infected: Trojan.Win32.Pakes
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0060125.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0061126.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0062125.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0063124.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP143\A0064124.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP144\A0064196.dll Infected: Trojan.Win32.Agent.kp
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP144\A0064198.exe Infected: Trojan.Win32.Pakes
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP144\A0064199.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP144\A0064209.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0065209.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0065226.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0065229.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0066225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0067225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0068225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0069225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0070225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0071225.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0071294.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0072294.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0072327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0073327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0074327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0075327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0076327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0077327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0078327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0079327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP145\A0080327.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0080379.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0080391.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0081386.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0082386.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0083386.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0084386.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0084432.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0085432.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0086431.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0087434.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0088432.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0089432.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0089474.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0090474.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0090509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0091509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0092509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0093509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0094513.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0095510.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0096509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0097509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0098509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0099509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0100509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0101509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0102509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0103509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0104510.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0105509.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0105531.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0105532.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP146\A0106531.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0106630.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0106696.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0107697.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0108696.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0108697.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0109697.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0109699.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0110696.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0111696.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0112696.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0113699.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114696.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114823.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114825.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114851.dll Infected: Trojan.Win32.Agent.db
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114864.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114865.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP147\A0114867.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115017.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115028.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115032.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115049.dll Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115163.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115208.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115211.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115328.dll Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115340.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115342.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP149\A0115490.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115558.exe Infected: Trojan-Dropper.Win32.Agent.vl
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115559.exe Infected: Trojan-Dropper.Win32.Agent.mu
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115568.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115578.dll Infected: Trojan.Win32.Agent.ic
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115586.exe Infected: Trojan.Win32.Agent.ay
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115675.exe Infected: Trojan.Win32.LowZones.df
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115684.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115685.exe Infected: Trojan-Downloader.Win32.Zlob.bu
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115687.exe Infected: Trojan-Downloader.Win32.Zlob.dr
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115688.exe Infected: Trojan-Downloader.Win32.Zlob.dq
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115689.exe Infected: Trojan-Downloader.Win32.Agent.tf
    C:\System Volume Information\_restore{E6E5D273-3852-4548-9D5F-83DE56ECD84F}\RP151\A0115693.exe Infected: Trojan.Win32.Agent.ay
    C:\WINDOWS\system32\InstallerV5.exe/data0006 Infected: Backdoor.Win32.HacDef.bo
    C:\WINDOWS\system32\InstallerV5.exe Infected: Backdoor.Win32.HacDef.bo

    Scan process completed.
     
  5. recordmoth

    recordmoth Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Here is the smitfiles file:



    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: 02/01/2006
    The current time is: 6:58:27.96

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Online Security Guide.url
    Security Troubleshooting.url
    Security Troubleshooting.url


    ~~~ Favorites ~~~

    Antivirus Test Online.url


    ~~~ system32 folder ~~~

    1024 dir
    msvol.tlb
    ld****.tmp
    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    mscornet.exe
    hp***.tmp


    ~~~ Icons in System32 ~~~

    ts.ico
    ot.ico


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 [email protected]
    Killing PID 892 'explorer.exe'
    Killing PID 892 'explorer.exe'

    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~

    Online Security Guide.url
    Online Security Guide.url


    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN! :)
     
  6. recordmoth

    recordmoth Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Here's the Ewido report:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 08:35:34, 02/01/2006
    + Report-Checksum: 3CC21C2B

    + Scan result:

    HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-6663810-1723617592-393042161-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -> Spyware.ComLoad : Cleaned with backup
    C:\Documents and Settings\g\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\my.class-66735319-7aedc86d.class -> Downloader.Small.aaq : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.71i : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
    C:\Documents and Settings\g\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\g\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
    C:\Documents and Settings\g\Local Settings\Temporary Internet Files\Content.IE5\63ELYNLJ\gdnUS250[1].exe -> Downloader.Small.ayl : Cleaned with backup
    C:\Documents and Settings\g\Local Settings\Temporary Internet Files\Content.IE5\EQCPM2N3\gba250[1].exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\g\Local Settings\Temporary Internet Files\Content.IE5\F2VPOCSP\dba250[1].exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\g\Local Settings\Temporary Internet Files\Content.IE5\F2VPOCSP\ErrorSafeScannerInstall[1].cab/UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
    C:\Documents and Settings\g\Local Settings\Temporary Internet Files\Content.IE5\F2VPOCSP\wmf_exp[1].wmf -> Downloader.Agent.acd : Cleaned with backup
    C:\Program Files\CMAPP\cmappstub.exe -> Downloader.Agent.tf : Cleaned with backup
    C:\Program Files\MalwareWipe\MalwareWipe.exe -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\107A1066-9CDD-45F3-A21E-4D9CBE\E61143E8-D521-4CB3-B060-6685D6 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\4206625A-19D5-4E6A-BD50-604F02\D616767A-9730-4E75-9EC6-976B3A -> Trojan.Agent.ic : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\48996F0B-DB59-4DD4-95DC-CA7596\75722EFD-1B89-4C46-91BF-19C767 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\4F9776F3-1B06-4928-9E32-A76686\CF3F0E7F-7794-4D56-A9A6-525AE0 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\60FECCCA-23F9-4897-AF94-AEACE4\478F8B50-F050-4B39-9045-FF4F58 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\6F0F501F-A3AF-4D90-93A4-2B26C8\28481B9D-ABFC-4ACE-8E96-C62412 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\7CAA9718-51AD-4B11-A542-8DEF67\57E267CA-102E-4480-8D30-87CA40 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\BDD26767-1CF1-416F-BF55-CF2A36\DD159A05-021F-4221-95BB-037634 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\C85DBB39-878F-4BCD-ABB8-77F035\4AC43E8E-CC77-478D-B861-EEA690 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\CC6C1951-8BE5-4141-AEC7-D01F2F\5B4A06FB-A035-4660-BDFB-87C962 -> Adware.Spyaxe : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\E8C2384F-7097-4065-965E-CF0B45\63F07718-70F8-4FC6-BD36-D5A559 -> Adware.SAHA : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\F579D242-53FA-4A8E-A3BF-0B13D0\301158F8-00C0-412E-BC3E-EF9F59 -> Adware.Spyaxe : Cleaned with backup
    C:\RECYCLER\S-1-5-21-6663810-1723617592-393042161-1006\Dc277.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\gba250.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
    C:\WINDOWS\svcproc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\system32\hjpqftc.exe -> Trojan.Agent.ay : Cleaned with backup
    C:\WINDOWS\system32\netlanm.dll -> Spyware.SafeSurfing : Cleaned with backup
    C:\WINDOWS\system32\nsv169.dll -> Spyware.HotSearchBar : Cleaned with backup


    ::Report End
     
  7. recordmoth

    recordmoth Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    26
    Just done Hijack this scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:06:54, on 02/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Whisper Technology\FTP Surfer\Surfer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee.com\MPS\mscifapp.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bobdylan.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personal.leeds.ac.uk/~phy0gjw
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136121392203
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  8. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/430207

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice