
Ivideo Codec Issues


  • This topic is locked
24 replies to this topic

#1 KoR


Posted 05 November 2006 - 07:02 PM

Downloaded a false video codec, here I am now. Cannot go to certain websites, cannot open certain programs, and getting porn and spyware fixer ads. Seems like a common enough problem.

Logfile of HijackThis v1.99.1
Scan saved at 2:45:23 PM, on 11/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iVideoCodec\isamonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iVideoCodec\isamini.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Corey Raymond\Desktop\Computer safety\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Reminder] C:\Program Files\MoRUN.net\Secure Reminder\reminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - java script:{document.location='http://sexmaxx.com/freegalleries.htm';}
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Corey Raymond\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINNT\system32\okkmtv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)


 


#2 SifuMike


Posted 05 November 2006 - 10:46 PM

Hello KoR,

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 KoR


Posted 06 November 2006 - 09:20 PM

SmitFraudFix v2.119

Scan done at 17:46:51.01, Mon 11/06/2006
Run from C:\Documents and Settings\Corey Raymond\Desktop\Computer safety\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINNT\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINNT\system32\okkmtv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINNT\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINNT\system32\okkmtv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of HijackThis v1.99.1
Scan saved at 6:07:11 PM, on 11/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Corey Raymond\Desktop\Computer safety\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Corey Raymond\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)

#4 SifuMike


Posted 07 November 2006 - 12:35 AM

Hi KoR,

Looks like we killed the infection. Now we just have to do minor cleanup. :thumbsup:

Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

In Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)

The following are not necessarily spyware/malware, but I suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry. )


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Finally, reboot to the Normal Mode and post a new Hijackthis log, and tell me how your computer is running.

#5 KoR


Posted 07 November 2006 - 09:07 PM

It's running much better than before, and I can open all my programs again. For some reason, I had to reinstall bearshare though. Thank you for your help!
Logfile of HijackThis v1.99.1
Scan saved at 5:55:49 PM, on 11/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Corey Raymond\Desktop\Computer safety\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Corey Raymond\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)

Edited by KoR, 07 November 2006 - 09:10 PM.
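
Added example, not part of any post in this thread: a small Python parser that compares two HijackThis logs and reports which entries a cleanup removed and which entries remain although their file is gone. The two excerpts are a few lines copied from the logs posted above; the function and variable names are assumptions of this example.

```python
import re
from collections import namedtuple

# One parsed log entry: section code (O2, O4, O21, ...), the rest of the line,
# and whether HijackThis flagged the referenced file as missing.
Entry = namedtuple("Entry", "code detail file_missing")

# An entry line has the form "<section code> - <detail>",
# for example: O4 - HKLM\..\Run: [name] path
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Excerpt of the first log in the thread (before cleanup).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\iVideoCodec\isamonitor.exe

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [VirusBursters] C:\Program Files\VirusBursters\virusbursters.exe /h
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINNT\system32\okkmtv.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Excerpt of the second log in the thread (after the SmitfraudFix run).
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return the registry/startup entries of a log, skipping the header
    and the running-process list (those lines do not match ENTRY_RE)."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, detail = match.groups()
        missing = detail.endswith(MISSING)
        if missing:
            # Strip the marker so the same entry compares equal across logs.
            detail = detail[:-len(MISSING)].rstrip()
        entries.append(Entry(code, detail, missing))
    return entries


def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = {(e.code, e.detail) for e in after}
    return [e for e in before if (e.code, e.detail) not in remaining]


def orphaned_entries(entries):
    """Entries whose registry reference survives but whose file is gone.
    These are the leftovers that still have to be fixed by hand."""
    return [e for e in entries if e.file_missing]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    print("Removed by the cleanup:")
    for e in removed_entries(before, after):
        print("  %s - %s" % (e.code, e.detail))
    print("Still referenced, file missing:")
    for e in orphaned_entries(after):
        print("  %s - %s" % (e.code, e.detail))
```
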


#6 SifuMike


Posted 07 November 2006 - 10:30 PM

Hi KoR,

Your log looks clean! :thumbsup: Good job on the cleanup!


Please read and follow How did I get infected?, With steps so it does not happen again!

#7 KoR


Posted 07 November 2006 - 10:54 PM

Alright thanks again, and now I seem to be getting quite a bit of lag, not just internet-related, when I open multiple programs though. :|

#8 SifuMike


Posted 07 November 2006 - 11:19 PM

Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox can degrade system performance and consume vast amounts of storage and may create security issues as outsiders are granted access to internal files. They are often bundled with adware or spyware.

I would not run any of them. Just too risky.



Time for my slow computer speech. :thumbsup:

There are many things that could be slowing your computer. We have eliminated malware, so let's try other fixes.

1. Check your hard disks for problems.
There are two different types of disk checks:
One is a file check, which checks the state of your operating system, checks all of your files, your file structure, and other software checks. If there are software problems (such as a corrupt FAT (file allocation table), etc.), this check will attempt to fix it.

The other is a physical hardware disk check. This checks the surface of your hard disks, to see if there are bad sectors (sections) of your hard drive, to see if your drive is physically experiencing problems. This disk check will attempt to repair the bad sectors, but if it can’t, it will mark the sector as bad and attempt to move the file(s) or file “pieces” to a good sector(s) of the disk. By marking the sector as bad, it knows not to write any future files to this section of the hard drive.

To run a disk check (or scan disk), here are the steps:
For XP, double-click My Computer. Right-click the C-drive and click Properties. Click on the Tools tab and choose to check the computer for problems. Click on Check Now. You will then have two check boxes.
The top option is for the file check, and the second option is for the hardware (physical disk) check. Check either one, or both. At least check the top one.
Again, if you think you may be having problems with the hard disk itself, then check the second one, as well. This will take quite a bit longer to run, so let it run overnight.

One thing, though: For XP, you won’t be able to run the check right then.
After clicking the Start button (once the check boxes are checked), you will need to reboot to run the disk check. It will ask you if you want the system to run the CHKDSK on reboot. Choose Yes and reboot.
Just before getting back into Windows, the system will do its CHKDSK, and depending on which options you chose, will take either a few minutes, and sometimes up to an hour or so, to run.
Let it run.


2. Defragment your hard drives.
If you have never done this, or it has been a few months since the last time, this step is one of the most important things that will give you more performance. As you use your computer, your drives become fragmented, by creating and deleting files. Just because a file is 10mb in size, doesn’t mean that it is sitting there on the drive (all 10mb) all in one spot on the drive. It fills in from the inside of the drive, outward, as the drive finds room. So your one file can be in pieces, in several spots on the hard drive. Don’t worry, your file allocation table keeps track of where the pieces are, however, it takes longer to access a file that is in pieces (fragmented), than a file that IS all in one spot on the hard drive. This is where defragmenting comes in. When you defragment your hard drive, this process copies all of the pieces to temporary spots on the hard drive, and then fills in all of the files (in their entirety) from the inside, out, so that no files are split into pieces. This dramatically speeds up the seek time, as well as speeds up the use of your files and programs.

NOTE: to efficiently defragment a hard drive, it likes to have 25% free space. It can still do the defragmentation with only 15% free space, but it takes quite a bit longer. If you can, delete any unnecessary files before defragmenting your drives.

To defragment your hard drives (in any Windows operating system), double-click on My Computer. Right-click on the c-drive and click on Properties. Click on the Tools tab and choose the bottom button, to Defragment Now… Click on the appropriate drive, and then on Defragment. This can take some time. Depending on your processing power, the amount of RAM you have available, the size and speed of your drive, and a few other things, this process can take 20 minutes, or hours. It is best to let this one run overnight, as well, but it is well worth it.

3. Streamline MSCONFIG.
One thing that really causes a HUGE performance decrease is to have unnecessary programs running in the background.
Some of these programs can be seen in your System Tray (located next to the clock, in the lower-right corner of your screen). These are tiny programs that are robbing you of memory and processing power. Some of them you need, while most you don’t. Some of the programs you DON’T need are printer icons, CD burning icons, shortcuts to programs (such as video settings), AOL, any Instant Messaging Programs, etc. Just because these programs aren’t always running, doesn’t mean that you still can’t print, burn CDs or Instant Message. They can be run when you need them, from a shortcut.

You can use a utility, called MSCONFIG, to turn OFF unnecessary Start Up items. Or use a free startup utility (see below)

In XP, click on Start\Run and type msconfig. Click on the Startup tab.
This is a list of everything that is running in the background, some of which show up in the System Tray.

Now, be very careful, some of these you do need.
Some items to keep are Ctfmon.exe (XP), Rundll.32, any AntiVirus programs (such as McAfee, Norton, or AVG). Others, you can uncheck, such as NeroCheck, ypager, qttask, AOL, and any other Instant Messaging programs, or printing programs.
If in doubt, then look them up with Google.
Remember, if something doesn’t work, because you turned it off, it can always be turned back on.
You just have to reboot every time you make a change here.
But, as you uncheck the unnecessary programs that run in the background, you will see that Windows loads much faster, that there are less icons in the System Tray, and that your system is much more “snappy” and quick to respond.

Rather than use MSCONFIG command to disable processes, you can use a free Startup utility.
Mike Lin has a free Startup Control Panel that allows you to easily configure which programs run when your computer starts. http://www.mlin.net/StartupCPL.shtml

Be sure you read the instructions before using it. You can use the Disable / Enable - to disable or enable the selected entry. A disabled program will appear in the list with a special icon, and will not run at system startup.

Edited by SifuMike, 07 November 2006 - 11:21 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 KoR


Posted 08 November 2006 - 08:38 PM

Well, that didn't really help, because the lag is turning into freezing programs, and then I'm getting an error message when I try to close them, and then I open task manager and my computer just dies. :|

#10 SifuMike


Posted 08 November 2006 - 09:37 PM

What's the error message you are getting?

#11 KoR


Posted 08 November 2006 - 09:39 PM

Well it's not going to a blue screen or anything, it's just either a) freezing, or b) taking way too long. But when I try to close stuff that won't close it says that I'm not allowed to because it may be debugging or something.

Edited by KoR, 08 November 2006 - 09:42 PM.


#12 SifuMike


Posted 08 November 2006 - 09:50 PM

But when I try to close stuff that won't close it says that I'm not allowed to because it may be debugging or something.


That is not any help. :thumbsup: You said it was giving you an error message? What is the message?
What programs are you having problems closing?


Did you do everything in my "slow computer" post?
How much RAM do you have on this computer?

I would uninstall Bearshare, as that was the cause of your malware.

I do not think this is a malware problem, as your log is clean. My expertise is malware removal, not Windows 2000. I may have to turn you over to the Windows forum.

Let's do one more scan to see if it sees anything, but I doubt if it will.

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log to this thread.

Edited by SifuMike, 08 November 2006 - 10:00 PM.


#13 KoR


Posted 09 November 2006 - 01:58 AM

"Error
The program cannot be closed. If it is being debugged, please resume it or close the debugger first."
It's various programs, and I think it might have had something to do with downloading zonealarm free, for you see, when that is open and I open AIM, my AIM freezes to the point where it shows my buddy list but shows nobody as online. Firefox will randomly freeze and refuse to close, and Steam will freeze when I try to play any game. Some of these things, such as Steam, will freeze task manager if I try to close them through it. I am unsure about my ram, is there any way to find out?

I will post the log tomorrow, as it is still running and I am tired.

#14 SifuMike


Posted 09 November 2006 - 02:06 AM

I am unsure about my ram, is there any way to find out?


Go to My Computer, right-click on it and select Properties. Under the General tab, near the bottom, it will tell you the RAM.

The latest Zone Alarm (free version) is wreaking havoc on a lot of folks. The Pro version seems fine, but the free version has a bug that Zone Alarm hasn't been able to fix yet.
It locks the homepage and there is no way to change it unless you uninstall Zone Alarm first.
The older versions seem fine.


Why don't you turn off the ZA firewall and see if that solves the problem. Or you could uninstall it and install one of the other free firewalls.

You Need a (Properly Configured) Firewall: http://www.pcmag.com/article2/0,1759,1647698,00.asp
Understanding and Using Firewalls

Kerio Personal Firewall

Outpost Firewall Free

Jetico Personal Firewall

#15 KoR


Posted 09 November 2006 - 07:10 PM

260,528 kbs of ram.
SUPERAntiSpyware Scan Log
Generated 11/08/2006 at 11:42 PM

Application Version : 3.3.1020

Core Rules Database Version : 3124
Trace Rules Database Version: 1144

Scan type : Complete Scan
Total Scan Time : 00:50:10

Memory items scanned : 363
Memory threats detected : 0
Registry items scanned : 4281
Registry threats detected : 22
File items scanned : 30299
File threats detected : 60

Adware.MyGlobalSearchBar
HKLM\Software\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\Programmable
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\TypeLib
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
C:\DOCUMENTS AND SETTINGS\COREY RAYMOND\DESKTOP\COMPUTER SAFETY\BACKUPS\BACKUP-20061105-193003-201.DLL

Adware.Viewpoint Toolbar
HKLM\Software\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32#ThreadingModel
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ProgID
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\Programmable
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\TypeLib
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\VersionIndependentProgID
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL

Adware.Tracking Cookie

Adware.180solutions/Search Assistant
C:\Program Files\MediaGateway
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaGateway
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaGateway#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaGateway#DisplayName
HKCR\MediaGateway.LicenseInstaller
HKCR\MediaGateway.LicenseInstaller\CLSID
HKCR\MediaGateway.LicenseInstaller\CurVer

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\COREY RAYMOND\FAVORITES\ONLINE SECURITY TEST.URL

Adware.Lop
C:\PROGRAM FILES\ADVERTS\UNINST.EXE

Adware.ClickSpring
C:\WINNT\system32\WNWORD~1.EXE
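
A triage pass over a scan log in this layout, as an added example (not part of the thread and not SUPERAntiSpyware's own tooling): it reconciles the itemised entries with the header counts, so a truncated paste is noticed, and lists families that ship an .exe/.dll or register a COM InprocServer32 ahead of tracking cookies. The sample log, its family names and the ranking rule are constructed assumptions of this example.

```python
import re
from collections import defaultdict
# Constructed sample in the layout of the log above (family names and paths are made up).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Registry threats detected : 2
File threats detected : 4

Adware.ExampleBar
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32
C:\Program Files\ExampleBar\bar.dll

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@ads.example[1].txt
C:\Documents and Settings\user\Cookies\user@stats.example[2].txt

Adware.ExampleDropper
C:\WINNT\system32\EXAMPL~1.EXE
"""

REG = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\", re.I)      # registry item
PATH = re.compile(r"^[A-Za-z]:\\")                       # file or folder item
SUMMARY = re.compile(r"^(Registry|File) threats detected\s*:\s*(\d+)")

def parse_log(text):
    """Return (header counts, {family: {"registry": [...], "file": [...]}})."""
    summary, current = {}, None
    families = defaultdict(lambda: {"registry": [], "file": []})
    for line in (l.strip() for l in text.splitlines()):
        m = SUMMARY.match(line)
        if m:
            summary[m.group(1).lower()] = int(m.group(2))
        elif REG.match(line) or PATH.match(line):
            if current:
                kind = "registry" if REG.match(line) else "file"
                families[current][kind].append(line)
        elif line and ":" not in line and not line.startswith("SUPERAntiSpyware"):
            current = line            # a bare line names the detection family
    return summary, dict(families)

def triage(text):
    """Reconcile items with header counts; executables and COM servers outrank cookies."""
    summary, fam = parse_log(text)
    listed = {k: sum(len(v[k]) for v in fam.values()) for k in ("registry", "file")}
    high = sorted(n for n, v in fam.items()
                  if any(re.search(r"\.(exe|dll)$", f, re.I) for f in v["file"])
                  or any("inprocserver32" in r.lower() for r in v["registry"]))
    return {"complete": listed == summary, "listed": listed, "review_first": high}
```

A `complete` value of `False` means the pasted listing does not add up to the "threats detected" totals in the header, which is worth resolving before deciding the machine is clean.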



