Ie Pop Up Then Auto Closes


  • This topic is locked
8 replies to this topic

#1 sng2k5


Posted 08 December 2006 - 10:19 AM

My problem is that I often keep getting IE opening up, loading a page, then closing by itself. I also get an error saying ss.exe.exe has encountered a problem and needs to close. I tried to delete it but it says access is denied.

Below is the text from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 1:16:08 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Common Files\AOL\1135357864\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1135357864\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: C:\WINDOWS\system32\zsPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zsPeCrypt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [7v3j] C:\WINDOWS\system32\z1734.exe gdtgh
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINDOWS\inet20000\svchost.exe
O4 - HKLM\..\Run: [mxsukxb.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll",mbwktxd
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Silvio\LOCALS~1\Temp\2006128111530_mcinfo.exe /insfin
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135357864\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\Silvio\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [WinUpgrade] C:\DOCUME~1\Silvio\LOCALS~1\Temp\F113187.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.EXE" -b
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yenylka Y. Ross\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: ddcawwx - ddcawwx.dll (file missing)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O21 - SSODL: XgCjHNeDCe - {CC5F98B8-66F5-3212-596C-B6F0AFC5CF2E} - C:\WINDOWS\system32\nnap.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by sng2k5, 08 December 2006 - 01:19 PM.



 


#2 MFDnSC


Posted 08 December 2006 - 02:46 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 sng2k5


Posted 08 December 2006 - 03:44 PM

Hi MFDnSC,
Here is the information you requested.


3:37 PM: The Internet Communication shield has blocked access to: GREENG.BIZ
3:37 PM: The Internet Communication shield has blocked access to: GREENG.BIZ
3:37 PM: The Internet Communication shield has blocked access to: GREENG.BIZ
3:37 PM: The Internet Communication shield has blocked access to: GREENG.BIZ
3:37 PM: Removal process completed. Elapsed time 00:00:52
3:37 PM: A reboot was suggested but declined.
3:37 PM: Warning: Launched explorer.exe
3:37 PM: Failed to quarantine trojan-radim-hook
3:37 PM: Warning: Stream read error
3:37 PM: Quarantining All Traces: trojan-radim-hook
3:36 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:36 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST189.tmp". Reason: The system cannot find the file specified
3:36 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
3:36 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST189.tmp". Reason: The system cannot find the file specified
3:36 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
3:36 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST189.tmp". Reason: The system cannot find the file specified
3:36 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
3:36 PM: Quarantining All Traces: burstnet cookie
3:36 PM: Quarantining All Traces: tacoda cookie
3:36 PM: Quarantining All Traces: mygeek cookie
3:36 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:36 PM: Quarantining All Traces: goclick cookie
3:36 PM: Quarantining All Traces: enhance cookie
3:36 PM: Quarantining All Traces: atwola cookie
3:36 PM: Quarantining All Traces: atlas dmt cookie
3:36 PM: Quarantining All Traces: 66.246.209 cookie
3:36 PM: Quarantining All Traces: command
3:36 PM: Quarantining All Traces: system doctor 2006 fakealert
3:36 PM: Quarantining All Traces: eqiso toolbar
3:36 PM: Quarantining All Traces: prosearch.com hijack
3:36 PM: Quarantining All Traces: trojan-backdoor-rustock
3:36 PM: Quarantining All Traces: maxifiles
3:36 PM: Quarantining All Traces: targetsaver
3:36 PM: Quarantining All Traces: coolwebsearch (cws)
3:36 PM: Quarantining All Traces: quickbutton
3:36 PM: Quarantining All Traces: purityscan
3:36 PM: Quarantining All Traces: security2k hijacker
3:36 PM: Removal process initiated
3:36 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:36 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:35 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:35 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:35 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:35 PM: Traces Found: 30
3:35 PM: Custom Sweep has completed. Elapsed time 00:35:25
3:35 PM: File Sweep Complete, Elapsed Time: 00:33:04
3:35 PM: Warning: Failed to access drive E:
3:35 PM: Warning: Failed to access drive D:
3:35 PM: C:\WINDOWS\R2lhbm5hICBOZw\lZ51vAc1KF1itT.vbs (ID = 185675)
3:35 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:34 PM: IE Security Shield: found: C:\PROGRA~1\AMERIC~1.0A\WAOL.EXE -- IE Security modification allowed at user request
3:34 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:34 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:34 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:33 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:33 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:33 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:33 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\3992-44016-1178-0[1].htm". The operation completed successfully
3:33 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:32 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\cas5y1b8.htm". The operation completed successfully
3:32 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\cas1c54v.htm". The operation completed successfully
3:32 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:32 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:32 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:32 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:31 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\menujs[1].xmlclicktrax=true". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\menujs[1].xmlclicktrax=true". The operation completed successfully
3:31 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\logo_icon[1].jpg". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@live365[1].txt". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@img.mixplay[1].txt". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\menuimage[1].gif". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\movielink-icon_15x15[1].png". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@serviceswitching[1].txt". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@webroot[2].txt". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\cas1oh47.32753648446933314". The operation completed successfully
3:31 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:30 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:30 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:30 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:30 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:29 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:29 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:29 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:29 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\ssfsetup1_1899993750[1].exe:zone.identifier". The operation completed successfully
3:29 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\caurgx2n.7211313319105516". The operation completed successfully
3:29 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\bot_shadow_bg[1].gif". The operation completed successfully
3:29 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\footer_bg_chex[1].gif". The operation completed successfully
3:29 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:29 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\bot_shadow_corners[1].gif". The operation completed successfully
3:28 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\bg_buynowboxtop[1].gif". The operation completed successfully
3:28 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:28 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\tabs_bot[1].gif". The operation completed successfully
3:28 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:28 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\tabs_bg[1].gif". The operation completed successfully
3:28 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:28 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\nav_index5_on[1].gif". The operation completed successfully
3:28 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:27 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\box_grn_dbl_bg[1].gif". The operation completed successfully
3:27 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:27 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\box_grn_dbl_top[1].gif". The operation completed successfully
3:27 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\box_grn_dbl_bot[1].gif". The operation completed successfully
3:27 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:27 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:27 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\phone_blank[1].gif". The operation completed successfully
3:26 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\top_shadow_corners[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\top_shadow_bg[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\all users\drm\cache\indiv02.tmp". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\iehacks-6[1].css". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\iehacks[1].css". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\side_shadows[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@www.webroot[2].txt". The operation completed successfully
3:26 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\f_norm_dot[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\f_moved[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\f_poll_no[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\f_poll[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\f_hot_no[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\f_hot[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\f_norm_no[1].gif". The operation completed successfully
3:26 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\f_closed[1].gif". The operation completed successfully
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\newpost[1].gif". The operation completed successfully
3:26 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:26 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\f_norm[1].gif". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\pages_icon[1].gif". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\calen[1].gif". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\stats[1].gif". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\lastpost[1].gif". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\exp_plus[1].gif". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\exp_minus[1].gif". The operation completed successfully
3:25 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\ca2vgxm9.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\caujmf49.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\camb0bxi.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\caod4tg3.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\caovmdip.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\cai349uf.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\caz154cn.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\cawi6zk6.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\cag1a7o1.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\caefcxav.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\cal45wdj.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\ca3j39k8.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\wtid[1].js". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\cagpitsd.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\camxk7mx.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\caaxbto4.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\cacxej05.jsp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\al[1].htm". The operation completed successfully
3:25 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\chunks[1].jsp". The operation completed successfully
3:25 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\caybuveh.jsp". The operation completed successfully
3:25 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@bleepingcomputer[2].txt". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\front[2].asp". The operation completed successfully
3:25 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@bleepingcomputer.us.intellitxt[1].txt". The operation completed successfully
3:24 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\x-click-but21[1].gif". The operation completed successfully
3:24 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:24 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\css_img_quote[1].gif". The operation completed successfully
3:24 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:24 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\thumbup2[1].gif". The operation completed successfully
3:24 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@softpedia.uk.intellitxt[1].txt". The operation completed successfully
3:24 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:23 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\spacer[1].gif". The operation completed successfully
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\js[1]". The operation completed successfully
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\to_post_off[1].gif". The operation completed successfully
3:23 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\menu_item[1].gif". The operation completed successfully
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\menu_action_down[1].gif". The operation completed successfully
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\jr[1].ad". The operation completed successfully
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\nav_m[1].gif". The operation completed successfully
3:23 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:23 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\nav[1].gif". The operation completed successfully
3:23 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@softpedia[1].txt". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@goclick[2].txt". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\redirurl=;ord=43316[1].htm". The operation completed successfully
3:22 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@doubleclick[1].txt". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\redirurl=;ord=43316[1]". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@www.burstnet[1].txt". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@enhance[1].txt". The operation completed successfully
3:22 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@tacoda[1].txt". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\uge3spwf\clk[1].htm". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\getrssid[1].htm". The operation completed successfully
3:22 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\fwclk[1].htm". The operation completed successfully
3:22 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:22 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@66.246.209[1].txt". The operation completed successfully
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\count[2].gif". The operation completed successfully
3:21 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\ads[1].htm". The operation completed successfully
3:21 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:21 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\j17ekku4\count[1].gif". The operation completed successfully
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\z3xzxx1o\wiicursor[1].xml". The operation completed successfully
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\local settings\temporary internet files\content.ie5\i8s205bz\jstracking[1].js". The operation completed successfully
3:21 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@cgi-bin[2].txt". The operation completed successfully
3:20 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:20 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@aol[1].txt". The operation completed successfully
3:20 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@ads.web.aol[1].txt". The operation completed successfully
3:20 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:20 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:20 PM: Warning: Failed to open file "c:\documents and settings\silvio\cookies\silvio@atdmt[1].txt". The operation completed successfully
3:20 PM: The Internet Communication shield has blocked access to: TGPIE.COM
3:20 PM: Warning: Failed to open file "c:\documents and settings\all users\drm\cache\indiv01.tmp". The operation completed successfully
3:20 PM: The Internet Communication shield has blocked access to: 88.208.8.8
3:20 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:20 PM: The Internet Communication shield has blocked access to: TGPIE.COM
3:19 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:19 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:19 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:19 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:18 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:18 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:18 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:17 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:17 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:17 PM: C:\WINDOWS\Temp\winBE08.tmp (ID = 346874)
3:17 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:17 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
Trace marked as Always Remove
3:16 PM: C:\WINDOWS\system32\nnap.dll (ID = 182754)
3:16 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:16 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:16 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:15 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:15 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:15 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:15 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:14 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:14 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:14 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:13 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:13 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:13 PM: C:\WINDOWS\Temp\b104.exe (ID = 350493)
3:13 PM: Found Adware: command
3:13 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:13 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:12 PM: c:\windows\system32:lzx32.sys (ID = 350068)
3:12 PM: Found Trojan Horse: trojan-backdoor-rustock
3:12 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:12 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:12 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:12 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:12 PM: C:\Documents and Settings\Silvio\wpcem.exe (ID = 409678)
3:11 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:11 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:11 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:11 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:10 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:10 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:10 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:09 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:09 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:09 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:09 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:08 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:08 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:08 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:08 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:07 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:07 PM: C:\VundoFix Backups\services.dll.bad (ID = 320790)
3:07 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:07 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:06 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:06 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:06 PM: C:\VundoFix Backups\xsqvgegp.exe.bad (ID = 574)
3:06 PM: Found Adware: system doctor 2006 fakealert
3:06 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:06 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:05 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:05 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:05 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:05 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:04 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:04 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:04 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:04 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:03 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:03 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:03 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:02 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:02 PM: C:\WINDOWS\Temp\firefox.exe (ID = 346874)
3:02 PM: Found Adware: purityscan
3:02 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:02 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:02 PM: Starting File Sweep
3:02 PM: Warning: Failed to access drive A:
3:02 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3:02 PM: c:\documents and settings\silvio\cookies\silvio@www.burstnet[1].txt (ID = 2337)
3:02 PM: Found Spy Cookie: burstnet cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@tacoda[1].txt (ID = 6444)
3:02 PM: Found Spy Cookie: tacoda cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@mygeek[2].txt (ID = 3041)
3:02 PM: Found Spy Cookie: mygeek cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@goclick[2].txt (ID = 2732)
3:02 PM: Found Spy Cookie: goclick cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@enhance[1].txt (ID = 2613)
3:02 PM: Found Spy Cookie: enhance cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@atwola[1].txt (ID = 2255)
3:02 PM: Found Spy Cookie: atwola cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@atdmt[1].txt (ID = 2253)
3:02 PM: Found Spy Cookie: atlas dmt cookie
3:02 PM: c:\documents and settings\silvio\cookies\silvio@66.246.209[1].txt (ID = 1997)
3:02 PM: Found Spy Cookie: 66.246.209 cookie
3:02 PM: Starting Cookie Sweep
3:02 PM: Registry Sweep Complete, Elapsed Time:00:00:20
3:02 PM: HKU\WRSS_Profile_S-1-5-21-3082578765-2901125876-4266584082-1010\software\microsoft\windows\currentversion\ext\stats\{873eb32d-ae1a-4183-89bd-45a77f761be4}\ (ID = 1569383)
3:02 PM: Found Adware: security2k hijacker
3:02 PM: HKU\WRSS_Profile_S-1-5-21-3082578765-2901125876-4266584082-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530952)
3:02 PM: Found Adware: maxifiles
3:02 PM: HKU\WRSS_Profile_S-1-5-21-3082578765-2901125876-4266584082-1010\software\idl\ (ID = 1351285)
3:02 PM: Found Adware: targetsaver
3:01 PM: HKU\S-1-5-21-3082578765-2901125876-4266584082-1011\software\microsoft\wpcemail data\ (ID = 1866146)
3:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || microsoft wpcemail (ID = 1866148)
3:01 PM: Found Adware: coolwebsearch (cws)
3:01 PM: HKLM\system\controlset001\services\usbpda\ (ID = 1866001)
3:01 PM: HKLM\system\controlset001\enum\root\legacy_usbpda\ (ID = 1865989)
3:01 PM: Found Adware: quickbutton
3:01 PM: HKLM\software\classes\clsid\{b7d3e479-cc68-42b5-a338-938ece35f419}\ (ID = 1729347)
3:01 PM: HKCR\clsid\{b7d3e479-cc68-42b5-a338-938ece35f419}\ (ID = 1728993)
3:01 PM: Found Adware: eqiso toolbar
3:01 PM: HKLM\software\microsoft\internet explorer\main\ || start page_bak (ID = 1250791)
3:01 PM: HKLM\software\microsoft\internet explorer\main\ || searchurl (ID = 1250790)
3:01 PM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
3:01 PM: Found Adware: prosearch.com hijack
3:01 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:01 PM: Starting Registry Sweep
3:01 PM: Memory Sweep Complete, Elapsed Time: 00:01:42
3:01 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:01 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:01 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
Trace marked as Always Remove
3:00 PM: Detected running threat: C:\WINDOWS\system32\nnap.dll (ID = 182754)
3:00 PM: Threat marked as Always Remove
3:00 PM: Found Trojan Horse: trojan-radim-hook
3:00 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:00 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:00 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
3:00 PM: Starting Memory Sweep
3:00 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
2:59 PM: Start Custom Sweep
2:59 PM: Sweep initiated using definitions version 817
2:59 PM: Spy Sweeper 5.2.3.2132 started
2:59 PM: | Start of Session, Friday, December 08, 2006 |
********
2:59 PM: | End of Session, Friday, December 08, 2006 |
2:59 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
2:59 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
2:59 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
2:58 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
2:58 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
2:58 PM: The Internet Communication shield has blocked access to: 88.208.8.8
2:58 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
2:57 PM: ActiveX Shield: found: Trojan Horse: trojan-radim-hook, version 1.0.0.0 -- Installation denied
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
2:57 PM: Shield States
2:57 PM: Spyware Definitions: 804
2:57 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
2:57 PM: Spy Sweeper 5.2.3.2132 started
2:57 PM: Spy Sweeper 5.2.3.2132 started
2:57 PM: | Start of Session, Friday, December 08, 2006 |
********
_______________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 3:39:20 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1135357864\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1135357864\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Common Files\AOL\1135357864\ee\SSCRun.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: C:\WINDOWS\system32\zsPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zsPeCrypt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
O4 - HKLM\..\Run: [mxsukxb.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll",mbwktxd
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Silvio\LOCALS~1\Temp\2006128111530_mcinfo.exe /insfin
O4 - HKLM\..\Run: [AOLSPScheduler] "C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [sscRun] "C:\Program Files\Common Files\AOL\1135357864\ee\SSCRun.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\mcafee.com\antivirus\oasclnt.exe"
O4 - HKLM\..\Run: [EmailScan] "C:\Program Files\mcafee.com\antivirus\mcvsescn.exe"
O4 - HKLM\..\Run: [MPFExe] "C:\Program Files\mcafee.com\personal firewall\MPfTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\Silvio\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [WinUpgrade] C:\DOCUME~1\Silvio\LOCALS~1\Temp\F113187.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yenylka Y. Ross\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcawwx - ddcawwx.dll (file missing)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: XgCjHNeDCe - {CC5F98B8-66F5-3212-596C-B6F0AFC5CF2E} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WTEEQLDHS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Silvio\LOCALS~1\Temp\WTEEQLDHS.exe

#4 MFDnSC

Posted 08 December 2006 - 05:13 PM

You may want to print this or save it to Notepad as we will go to safe mode.

Fix these with HijackThis – mark them, close IE, click Fix checked

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: C:\WINDOWS\system32\zsPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zsPeCrypt.dll

O4 - HKLM\..\Run: [mxsukxb.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll",mbwktxd

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Silvio\LOCALS~1\Temp\2006128111530_mcinfo.exe /insfin

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\Silvio\LOCALS~1\Temp\svchost.exe

O4 - HKCU\..\Run: [WinUpgrade] C:\DOCUME~1\Silvio\LOCALS~1\Temp\F113187.exe

O20 - Winlogon Notify: ddcawwx - ddcawwx.dll (file missing)

O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)

O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)

O21 - SSODL: XgCjHNeDCe - {CC5F98B8-66F5-3212-596C-B6F0AFC5CF2E} - (no file)

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: WTEEQLDHS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Silvio\LOCALS~1\Temp\WTEEQLDHS.exe
=============================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

MySQL

Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

Repeat for WTEEQLDHS
=====================
Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\zsPeCrypt.dll
C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete, and that is normal.
Empty the recycle bin.
Boot and post a new log from normal, NOT safe, mode.

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
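The kind of triage applied to the log entries listed in the post above, as an added example (not part of any post in this thread and not HijackThis's own logic): a Python sketch that parses HijackThis entry lines and flags them by where the registered file lives. The rule names and verdict levels are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [mxsukxb.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll",mbwktxd
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\Silvio\LOCALS~1\Temp\svchost.exe
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: WTEEQLDHS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Silvio\LOCALS~1\Temp\WTEEQLDHS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
'''

# "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r'^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$')

# Hypothetical rule set (an assumption of this example), checked in order.
RULES = [
    # Autostart target inside the per-user Temp folder (long or 8.3 form).
    ("runs-from-temp",
     re.compile(r'\\(?:LOCALS~1|Local Settings)\\Temp\\', re.I)),
    # rundll32 loading a DLL that lives under a user profile.
    ("rundll32-user-dll",
     re.compile(r'rundll32\.exe.*\\(?:DOCUME~1|Documents and Settings)\\.*\.dll', re.I)),
    # Executable directly in a drive root, e.g. C:\Program.exe, the file
    # Windows would run for an unquoted "C:\Program Files\..." service path.
    ("root-exe",
     re.compile(r'(?<![\w\\])[A-Z]:\\[^\\"]+\.exe\b', re.I)),
    # Registry entry left behind after its file was deleted.
    ("orphan",
     re.compile(r'\((?:file missing|no file)\)\s*$', re.I)),
]


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O4"
    body: str      # remainder of the log line
    tags: list     # names of the rules that matched
    verdict: str   # "suspicious", "review" or "ok"


def triage(log_text):
    """Return one Finding per HijackThis entry line in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines and the "Running processes" list
        body = m.group("body")
        tags = [name for name, rx in RULES if rx.search(body)]
        if any(t != "orphan" for t in tags):
            verdict = "suspicious"
        elif tags:
            # A missing file alone is common after an uninstall: the last,
            # clean log in this thread still has such entries.
            verdict = "review"
        else:
            verdict = "ok"
        findings.append(Finding(m.group("code"), body, tags, verdict))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:<10} {f.code:<3} {','.join(f.tags) or '-':<18} {f.body[:60]}")
```

A "suspicious" verdict is a prompt to inspect the file and its registry value, not proof of infection; legitimate installers also run from Temp.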

#5 sng2k5


Posted 08 December 2006 - 05:58 PM

Everything seems to be going fine, as the pop-ups have stopped. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:53:28 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1135357864\ee\SSCEvtHdlr.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Common Files\AOL\1135357864\ee\aolsoftware.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: C:\WINDOWS\system32\zsPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zsPeCrypt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
O4 - HKLM\..\Run: [mxsukxb.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll",mbwktxd
O4 - HKLM\..\Run: [AOLSPScheduler] "C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [sscRun] "C:\Program Files\Common Files\AOL\1135357864\ee\SSCRun.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\mcafee.com\antivirus\oasclnt.exe"
O4 - HKLM\..\Run: [EmailScan] "C:\Program Files\mcafee.com\antivirus\mcvsescn.exe"
O4 - HKLM\..\Run: [MPFExe] "C:\Program Files\mcafee.com\personal firewall\MPfTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yenylka Y. Ross\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#6 MFDnSC


Posted 08 December 2006 - 06:08 PM

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: C:\WINDOWS\system32\zsPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zsPeCrypt.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [mxsukxb.dll] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Silvio\Local Settings\Application Data\mxsukxb.dll",mbwktxd


Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button, as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries.


Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 sng2k5


Posted 08 December 2006 - 06:45 PM

Everything is running normally; here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:22 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Common Files\AOL\1135357864\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1135357864\ee\aolsoftware.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135357864\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
O4 - HKLM\..\Run: [AOLSPScheduler] "C:\Program Files\Common Files\AOL\1135357864\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [sscRun] "C:\Program Files\Common Files\AOL\1135357864\ee\SSCRun.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\mcafee.com\antivirus\oasclnt.exe"
O4 - HKLM\..\Run: [EmailScan] "C:\Program Files\mcafee.com\antivirus\mcvsescn.exe"
O4 - HKLM\..\Run: [MPFExe] "C:\Program Files\mcafee.com\personal firewall\MPfTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yenylka Y. Ross\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Edited by sng2k5, 08 December 2006 - 06:46 PM.


#8 MFDnSC


Posted 08 December 2006 - 06:50 PM

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 sng2k5


Posted 08 December 2006 - 07:13 PM

TYVM for your help, I really appreciated it.



