
Spy Sheriff


  • This topic is locked
13 replies to this topic

#1 ranger-007

ranger-007

  • Members
  • 17 posts

Posted 21 February 2007 - 03:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:27:32 PM, on 2/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
O2 - BHO: (no name) - {050E5558-FE0C-EDC7-9F6A-C336AE3D3299} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06DCC00C-821A-8B53-27D3-031DD3E5ECD9} - (no file)
O2 - BHO: (no name) - {0B51759C-4CF3-238A-FF2C-9417133AC00E} - (no file)
O2 - BHO: (no name) - {0BDF2A95-3F5A-66FB-58CD-EB045BCCD127} - (no file)
O2 - BHO: (no name) - {0E518F62-9B16-3CAB-16DC-1D6F0CD5C72E} - (no file)
O2 - BHO: (no name) - {114913D3-184A-47AD-CE60-C0D460E0B89E} - (no file)
O2 - BHO: (no name) - {119C92D5-8A65-439B-CC9F-5EF59240DFA2} - (no file)
O2 - BHO: (no name) - {13471D63-9D62-BB6F-33AB-8E021ADB15DE} - (no file)
O2 - BHO: (no name) - {13E26E36-513C-CAEC-23DF-308281268B82} - (no file)
O2 - BHO: (no name) - {1C6B2F8F-6843-B9DC-D1C1-8B066B615CAC} - (no file)
O2 - BHO: (no name) - {1D378946-6285-C898-BBBC-C4612B035AFA} - (no file)
O2 - BHO: (no name) - {270343E5-08B6-8303-498D-17E3A8CE4AF6} - (no file)
O2 - BHO: (no name) - {277C8BC3-819D-6CE7-9470-B51A6054EBAD} - (no file)
O2 - BHO: (no name) - {282A0F45-4C75-D1B3-7D1A-3FE1FDA1FC4A} - (no file)
O2 - BHO: (no name) - {31AED17D-55BA-FF5D-DA02-D1ED0FBEE8A1} - (no file)
O2 - BHO: (no name) - {362D77E9-3746-426B-16FD-C955AC2B80A5} - (no file)
O2 - BHO: (no name) - {38C5C06F-B701-AB17-4580-048A6D208280} - (no file)
O2 - BHO: (no name) - {39C5B42E-3D81-68B9-9C67-F37773324C65} - (no file)
O2 - BHO: (no name) - {39E49DCF-C2A7-5CF7-9460-0B4E3F64C1E7} - (no file)
O2 - BHO: (no name) - {3DDBD5AB-C729-F799-8DEE-7EB2AC71F184} - (no file)
O2 - BHO: (no name) - {3FDD8BDA-B490-4F39-77C3-23E33A89019F} - (no file)
O2 - BHO: (no name) - {43D1C9AE-AF29-732F-2701-18DCCB05E4FD} - C:\WINNT\system32\jtjynujf.dll
O2 - BHO: (no name) - {446AA9EB-A987-6BC7-5B12-17697DC5BFFB} - (no file)
O2 - BHO: (no name) - {477AFA08-5294-C8E1-C079-1F114B868287} - (no file)
O2 - BHO: (no name) - {47FD1A4B-0C59-EA9C-8DBB-B93D37025D9F} - (no file)
O2 - BHO: (no name) - {4C30EE36-48B4-B782-DEB2-EA2E3F50A7D4} - (no file)
O2 - BHO: (no name) - {4C4CF45A-3C1E-D765-CC58-5FC663E52953} - (no file)
O2 - BHO: (no name) - {4C9BDE33-82F4-806F-03A1-019A98302AD1} - (no file)
O2 - BHO: (no name) - {4D33CD40-69D8-5879-CBB9-F556C5168BE5} - (no file)
O2 - BHO: (no name) - {4F722CB0-7B12-BB48-4205-3C9AA9149C4B} - (no file)
O2 - BHO: (no name) - {519024E4-A5AD-7D3C-0F69-9761A942453C} - (no file)
O2 - BHO: (no name) - {520F8451-9C4C-C442-CBC5-923B05515FD5} - (no file)
O2 - BHO: (no name) - {528FC82B-F796-B966-9C1D-ED80814F59F4} - (no file)
O2 - BHO: (no name) - {558AE84A-10A7-EE53-86D4-44EE399D7723} - (no file)
O2 - BHO: (no name) - {578A36DB-C34F-2F5B-BC45-C54F4B2BEF86} - (no file)
O2 - BHO: (no name) - {5BCEFCC6-D9C6-6D55-CFA8-DAA2BC98BE49} - (no file)
O2 - BHO: (no name) - {62221C3E-48C7-539D-987E-70F8974FFD77} - (no file)
O2 - BHO: (no name) - {629484DF-3DBE-7F80-3699-1B2468233287} - (no file)
O2 - BHO: (no name) - {656A3F48-BB89-F412-4C9B-DE3382F4806F} - (no file)
O2 - BHO: (no name) - {66B788FC-823E-0FB2-E506-FA4F55233022} - (no file)
O2 - BHO: (no name) - {67AE2A9A-679A-A027-9906-C5C455612579} - (no file)
O2 - BHO: (no name) - {6849BAFE-A94C-9BDE-BA57-3DA6F97F2348} - (no file)
O2 - BHO: (no name) - {68E602D4-03F6-0CEF-A7C1-46C1D93DF620} - (no file)
O2 - BHO: (no name) - {69A8DA1A-31B3-C719-A4D4-824AA4D8A7A0} - (no file)
O2 - BHO: (no name) - {6A5DD275-06AC-AE04-EEC1-6473C3E8C354} - (no file)
O2 - BHO: (no name) - {6F718049-2F8C-210E-F202-9191A0AD54BF} - (no file)
O2 - BHO: (no name) - {70717F23-A4A5-714A-CC0D-5DBFCA5902A4} - (no file)
O2 - BHO: (no name) - {710727FC-05F9-BC73-F6D9-766735BD1055} - (no file)
O2 - BHO: (no name) - {80C6C54B-05D4-19EF-1902-9067F01CB0B2} - (no file)
O2 - BHO: (no name) - {83E897B8-A254-350A-CA28-E4500E65C579} - (no file)
O2 - BHO: (no name) - {84FFB8BD-DE71-F908-69BE-3BE5939F12A7} - (no file)
O2 - BHO: (no name) - {876FAAFD-1116-E642-3F02-9089E5180E28} - (no file)
O2 - BHO: (no name) - {8A67185A-DFE5-DF0E-9D91-49321DBD8A63} - (no file)
O2 - BHO: (no name) - {8DBBB93D-3702-5D9F-0DDB-5F2829572040} - (no file)
O2 - BHO: (no name) - {8FD3AA9A-8C51-C4B9-61AB-50D81F1F8F7E} - (no file)
O2 - BHO: (no name) - {9338B1D5-9DAA-0B85-F2BC-FB2A4CCFECA9} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {945FC1AA-8AF8-A4A3-9E1D-8F6340D91A9E} - (no file)
O2 - BHO: (no name) - {9CFF764D-1444-2EA0-16F7-59F49763E6E5} - (no file)
O2 - BHO: (no name) - {A11166D2-8498-7887-03A5-0999A16247D0} - (no file)
O2 - BHO: (no name) - {A33B3844-631B-5089-CA98-409199468AC8} - (no file)
O2 - BHO: (no name) - {A458692C-C0E8-955B-2A90-1875BAEEC437} - (no file)
O2 - BHO: (no name) - {A4EB1EE8-3613-18C5-8993-FFB8EDD1027A} - (no file)
O2 - BHO: (no name) - {A517C0D3-9901-34CF-3CDD-2E2D635DB829} - (no file)
O2 - BHO: (no name) - {A89CA73E-CD7D-10FB-E976-4652EB98C8F4} - (no file)
O2 - BHO: (no name) - {AA70B7BC-E713-B137-0B8C-4DC1F456FF93} - (no file)
O2 - BHO: (no name) - {AB8DB237-0CE1-A972-1B2B-5CE0FFFD1C3F} - (no file)
O2 - BHO: (no name) - {AC231102-3147-6723-0DED-D29AFD966E84} - (no file)
O2 - BHO: (no name) - {AC2B0794-4C79-4989-E4AE-DB9F7C90A8B1} - (no file)
O2 - BHO: (no name) - {AE35DAFE-CE81-C083-6B56-D93411B85036} - (no file)
O2 - BHO: (no name) - {AF1D0EB8-7CDE-856D-16E2-A439B9CE1F4A} - (no file)
O2 - BHO: (no name) - {AF2CBC69-416A-2064-C0E7-DBBB4AA4A5D1} - (no file)
O2 - BHO: (no name) - {AF553760-D999-F672-40DF-4938B1E3DC46} - (no file)
O2 - BHO: (no name) - {B5B64B29-5EB4-F1CF-9C39-8B6260D40AD9} - (no file)
O2 - BHO: (no name) - {BC85BFF6-7F02-6FB4-B976-B5418E30D80A} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C3E53255-32FB-B2F9-2688-9B93B511E388} - (no file)
O2 - BHO: (no name) - {C5122225-8459-BF6B-D007-8A5767993D43} - (no file)
O2 - BHO: (no name) - {C8CA2DA0-B69C-D575-4843-23C89AE17A3E} - (no file)
O2 - BHO: (no name) - {CEA2E8DC-3B01-25CD-7544-BEA8F3741EF4} - (no file)
O2 - BHO: (no name) - {D4C0B0D5-8AA6-7574-747E-7BC1DC8B5B83} - (no file)
O2 - BHO: (no name) - {D4EC93F1-3315-0EEE-3EA9-81FE429F3D79} - (no file)
O2 - BHO: (no name) - {D77DBE40-9923-7760-9C3E-D93FFE6EDBD1} - (no file)
O2 - BHO: (no name) - {D92194E7-FE61-72D2-8C4C-FC3716A81A77} - (no file)
O2 - BHO: (no name) - {DB093CBD-2E6D-8AC7-9B72-4F46E2C21C88} - (no file)
O2 - BHO: (no name) - {DF87B759-39F4-6E12-768E-929C949D56F6} - (no file)
O2 - BHO: (no name) - {E06FC566-61AB-D2FC-5B1A-B47BD4BDDBFB} - (no file)
O2 - BHO: (no name) - {E0A30F7B-8B73-71A3-DA9F-CB617DD92224} - C:\WINNT\system32\ogltinel.dll (file missing)
O2 - BHO: (no name) - {E436E03D-B37F-ED57-A2F3-DEDE3793CCF6} - (no file)
O2 - BHO: (no name) - {E92A9C25-C118-D5C1-1A55-D67531826253} - (no file)
O2 - BHO: (no name) - {EA30C14B-0A3C-25CB-D140-D603BC6DAB76} - (no file)
O2 - BHO: (no name) - {ECA6015D-4B79-CF8D-1BB8-7779FA4DCD2A} - (no file)
O2 - BHO: (no name) - {EE29F4DB-65F0-E2F7-411C-BF76E443B740} - (no file)
O2 - BHO: (no name) - {F2DE4280-102F-0680-003F-8981A03D8981} - C:\WINNT\system32\ymhkhszx.dll (file missing)
O2 - BHO: (no name) - {F2DE4280-102F-0680-00EF-7B81A0ED7B81} - (no file)
O2 - BHO: (no name) - {F3CC2E56-060E-41D1-4465-B59D3526FC49} - (no file)
O2 - BHO: (no name) - {F42E3E1D-4958-6206-E6E5-B12283968EC1} - (no file)
O2 - BHO: (no name) - {F708D16F-268F-AE75-EDB3-C4C7BAD2CE19} - (no file)
O2 - BHO: (no name) - {FA1250D0-8461-DD7B-BC82-5578E1705466} - (no file)
O2 - BHO: (no name) - {FA1EDD16-EFD8-9329-649F-B8971261E89C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://files.mhswebcollabsuite.com/imtapp/...jar/cnsload.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - https://dmhrsi.satx.disa.mil/jinitiator/oajinit.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://axis-73356a.axiscam.net:1280/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://i.grab.com/media/d82c8d/games/files...aploader_v6.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fontcat - C:\DOCUME~1\CGEY\LOCALS~1\Temp\tactnof.dat (file missing)
O20 - Winlogon Notify: wavebin - C:\DOCUME~1\CGEY\LOCALS~1\Temp\nibevaw.dat (file missing)
O23 - Service: vfqhmtiuaium (5) - Unknown owner - C:\WINNT\system32\5.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: xyhnbynnbogz (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 February 2007 - 04:36 PM

Welcome ranger-007 :thumbsup:

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Click on Start > Run, type Services.msc, then hit OK.
Scroll down and find the services called:
vfqhmtiuaium (5)
xyhnbynnbogz (MsUpdate6)

When you find them, double-click on them.
In the next window that opens, click their 'Stop' buttons.
Then change their 'Startup Type' to 'Disabled'.
Now press Apply and then OK and close any open windows.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
O2 - BHO: (no name) - {050E5558-FE0C-EDC7-9F6A-C336AE3D3299} - (no file)
O2 - BHO: (no name) - {0B51759C-4CF3-238A-FF2C-9417133AC00E} - (no file)
O2 - BHO: (no name) - {0BDF2A95-3F5A-66FB-58CD-EB045BCCD127} - (no file)
O2 - BHO: (no name) - {0E518F62-9B16-3CAB-16DC-1D6F0CD5C72E} - (no file)
O2 - BHO: (no name) - {114913D3-184A-47AD-CE60-C0D460E0B89E} - (no file)
O2 - BHO: (no name) - {119C92D5-8A65-439B-CC9F-5EF59240DFA2} - (no file)
O2 - BHO: (no name) - {13471D63-9D62-BB6F-33AB-8E021ADB15DE} - (no file)
O2 - BHO: (no name) - {13E26E36-513C-CAEC-23DF-308281268B82} - (no file)
O2 - BHO: (no name) - {1C6B2F8F-6843-B9DC-D1C1-8B066B615CAC} - (no file)
O2 - BHO: (no name) - {1D378946-6285-C898-BBBC-C4612B035AFA} - (no file)
O2 - BHO: (no name) - {270343E5-08B6-8303-498D-17E3A8CE4AF6} - (no file)
O2 - BHO: (no name) - {277C8BC3-819D-6CE7-9470-B51A6054EBAD} - (no file)
O2 - BHO: (no name) - {282A0F45-4C75-D1B3-7D1A-3FE1FDA1FC4A} - (no file)
O2 - BHO: (no name) - {31AED17D-55BA-FF5D-DA02-D1ED0FBEE8A1} - (no file)
O2 - BHO: (no name) - {362D77E9-3746-426B-16FD-C955AC2B80A5} - (no file)
O2 - BHO: (no name) - {38C5C06F-B701-AB17-4580-048A6D208280} - (no file)
O2 - BHO: (no name) - {39C5B42E-3D81-68B9-9C67-F37773324C65} - (no file)
O2 - BHO: (no name) - {39E49DCF-C2A7-5CF7-9460-0B4E3F64C1E7} - (no file)
O2 - BHO: (no name) - {3DDBD5AB-C729-F799-8DEE-7EB2AC71F184} - (no file)
O2 - BHO: (no name) - {3FDD8BDA-B490-4F39-77C3-23E33A89019F} - (no file)
O2 - BHO: (no name) - {43D1C9AE-AF29-732F-2701-18DCCB05E4FD} - C:\WINNT\system32\jtjynujf.dll
O2 - BHO: (no name) - {446AA9EB-A987-6BC7-5B12-17697DC5BFFB} - (no file)
O2 - BHO: (no name) - {477AFA08-5294-C8E1-C079-1F114B868287} - (no file)
O2 - BHO: (no name) - {47FD1A4B-0C59-EA9C-8DBB-B93D37025D9F} - (no file)
O2 - BHO: (no name) - {4C30EE36-48B4-B782-DEB2-EA2E3F50A7D4} - (no file)
O2 - BHO: (no name) - {4C4CF45A-3C1E-D765-CC58-5FC663E52953} - (no file)
O2 - BHO: (no name) - {4C9BDE33-82F4-806F-03A1-019A98302AD1} - (no file)
O2 - BHO: (no name) - {4D33CD40-69D8-5879-CBB9-F556C5168BE5} - (no file)
O2 - BHO: (no name) - {4F722CB0-7B12-BB48-4205-3C9AA9149C4B} - (no file)
O2 - BHO: (no name) - {519024E4-A5AD-7D3C-0F69-9761A942453C} - (no file)
O2 - BHO: (no name) - {520F8451-9C4C-C442-CBC5-923B05515FD5} - (no file)
O2 - BHO: (no name) - {528FC82B-F796-B966-9C1D-ED80814F59F4} - (no file)
O2 - BHO: (no name) - {558AE84A-10A7-EE53-86D4-44EE399D7723} - (no file)
O2 - BHO: (no name) - {578A36DB-C34F-2F5B-BC45-C54F4B2BEF86} - (no file)
O2 - BHO: (no name) - {5BCEFCC6-D9C6-6D55-CFA8-DAA2BC98BE49} - (no file)
O2 - BHO: (no name) - {62221C3E-48C7-539D-987E-70F8974FFD77} - (no file)
O2 - BHO: (no name) - {629484DF-3DBE-7F80-3699-1B2468233287} - (no file)
O2 - BHO: (no name) - {656A3F48-BB89-F412-4C9B-DE3382F4806F} - (no file)
O2 - BHO: (no name) - {66B788FC-823E-0FB2-E506-FA4F55233022} - (no file)
O2 - BHO: (no name) - {67AE2A9A-679A-A027-9906-C5C455612579} - (no file)
O2 - BHO: (no name) - {6849BAFE-A94C-9BDE-BA57-3DA6F97F2348} - (no file)
O2 - BHO: (no name) - {68E602D4-03F6-0CEF-A7C1-46C1D93DF620} - (no file)
O2 - BHO: (no name) - {69A8DA1A-31B3-C719-A4D4-824AA4D8A7A0} - (no file)
O2 - BHO: (no name) - {6A5DD275-06AC-AE04-EEC1-6473C3E8C354} - (no file)
O2 - BHO: (no name) - {6F718049-2F8C-210E-F202-9191A0AD54BF} - (no file)
O2 - BHO: (no name) - {70717F23-A4A5-714A-CC0D-5DBFCA5902A4} - (no file)
O2 - BHO: (no name) - {710727FC-05F9-BC73-F6D9-766735BD1055} - (no file)
O2 - BHO: (no name) - {80C6C54B-05D4-19EF-1902-9067F01CB0B2} - (no file)
O2 - BHO: (no name) - {83E897B8-A254-350A-CA28-E4500E65C579} - (no file)
O2 - BHO: (no name) - {84FFB8BD-DE71-F908-69BE-3BE5939F12A7} - (no file)
O2 - BHO: (no name) - {876FAAFD-1116-E642-3F02-9089E5180E28} - (no file)
O2 - BHO: (no name) - {8A67185A-DFE5-DF0E-9D91-49321DBD8A63} - (no file)
O2 - BHO: (no name) - {8DBBB93D-3702-5D9F-0DDB-5F2829572040} - (no file)
O2 - BHO: (no name) - {8FD3AA9A-8C51-C4B9-61AB-50D81F1F8F7E} - (no file)
O2 - BHO: (no name) - {9338B1D5-9DAA-0B85-F2BC-FB2A4CCFECA9} - (no file)
O2 - BHO: (no name) - {945FC1AA-8AF8-A4A3-9E1D-8F6340D91A9E} - (no file)
O2 - BHO: (no name) - {9CFF764D-1444-2EA0-16F7-59F49763E6E5} - (no file)
O2 - BHO: (no name) - {A11166D2-8498-7887-03A5-0999A16247D0} - (no file)
O2 - BHO: (no name) - {A33B3844-631B-5089-CA98-409199468AC8} - (no file)
O2 - BHO: (no name) - {A458692C-C0E8-955B-2A90-1875BAEEC437} - (no file)
O2 - BHO: (no name) - {A4EB1EE8-3613-18C5-8993-FFB8EDD1027A} - (no file)
O2 - BHO: (no name) - {A517C0D3-9901-34CF-3CDD-2E2D635DB829} - (no file)
O2 - BHO: (no name) - {A89CA73E-CD7D-10FB-E976-4652EB98C8F4} - (no file)
O2 - BHO: (no name) - {AA70B7BC-E713-B137-0B8C-4DC1F456FF93} - (no file)
O2 - BHO: (no name) - {AB8DB237-0CE1-A972-1B2B-5CE0FFFD1C3F} - (no file)
O2 - BHO: (no name) - {AC231102-3147-6723-0DED-D29AFD966E84} - (no file)
O2 - BHO: (no name) - {AC2B0794-4C79-4989-E4AE-DB9F7C90A8B1} - (no file)
O2 - BHO: (no name) - {AE35DAFE-CE81-C083-6B56-D93411B85036} - (no file)
O2 - BHO: (no name) - {AF1D0EB8-7CDE-856D-16E2-A439B9CE1F4A} - (no file)
O2 - BHO: (no name) - {AF2CBC69-416A-2064-C0E7-DBBB4AA4A5D1} - (no file)
O2 - BHO: (no name) - {AF553760-D999-F672-40DF-4938B1E3DC46} - (no file)
O2 - BHO: (no name) - {B5B64B29-5EB4-F1CF-9C39-8B6260D40AD9} - (no file)
O2 - BHO: (no name) - {BC85BFF6-7F02-6FB4-B976-B5418E30D80A} - (no file)
O2 - BHO: (no name) - {C3E53255-32FB-B2F9-2688-9B93B511E388} - (no file)
O2 - BHO: (no name) - {C5122225-8459-BF6B-D007-8A5767993D43} - (no file)
O2 - BHO: (no name) - {C8CA2DA0-B69C-D575-4843-23C89AE17A3E} - (no file)
O2 - BHO: (no name) - {CEA2E8DC-3B01-25CD-7544-BEA8F3741EF4} - (no file)
O2 - BHO: (no name) - {D4C0B0D5-8AA6-7574-747E-7BC1DC8B5B83} - (no file)
O2 - BHO: (no name) - {D4EC93F1-3315-0EEE-3EA9-81FE429F3D79} - (no file)
O2 - BHO: (no name) - {D77DBE40-9923-7760-9C3E-D93FFE6EDBD1} - (no file)
O2 - BHO: (no name) - {D92194E7-FE61-72D2-8C4C-FC3716A81A77} - (no file)
O2 - BHO: (no name) - {DB093CBD-2E6D-8AC7-9B72-4F46E2C21C88} - (no file)
O2 - BHO: (no name) - {DF87B759-39F4-6E12-768E-929C949D56F6} - (no file)
O2 - BHO: (no name) - {E06FC566-61AB-D2FC-5B1A-B47BD4BDDBFB} - (no file)
O2 - BHO: (no name) - {E0A30F7B-8B73-71A3-DA9F-CB617DD92224} - C:\WINNT\system32\ogltinel.dll (file missing)
O2 - BHO: (no name) - {E436E03D-B37F-ED57-A2F3-DEDE3793CCF6} - (no file)
O2 - BHO: (no name) - {E92A9C25-C118-D5C1-1A55-D67531826253} - (no file)
O2 - BHO: (no name) - {EA30C14B-0A3C-25CB-D140-D603BC6DAB76} - (no file)
O2 - BHO: (no name) - {ECA6015D-4B79-CF8D-1BB8-7779FA4DCD2A} - (no file)
O2 - BHO: (no name) - {EE29F4DB-65F0-E2F7-411C-BF76E443B740} - (no file)
O2 - BHO: (no name) - {F2DE4280-102F-0680-003F-8981A03D8981} - C:\WINNT\system32\ymhkhszx.dll (file missing)
O2 - BHO: (no name) - {F2DE4280-102F-0680-00EF-7B81A0ED7B81} - (no file)
O2 - BHO: (no name) - {F3CC2E56-060E-41D1-4465-B59D3526FC49} - (no file)
O2 - BHO: (no name) - {F42E3E1D-4958-6206-E6E5-B12283968EC1} - (no file)
O2 - BHO: (no name) - {F708D16F-268F-AE75-EDB3-C4C7BAD2CE19} - (no file)
O2 - BHO: (no name) - {FA1250D0-8461-DD7B-BC82-5578E1705466} - (no file)
O2 - BHO: (no name) - {FA1EDD16-EFD8-9329-649F-B8971261E89C} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://axis-73356a.axiscam.net:1280/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://i.grab.com/media/d82c8d/games/files...aploader_v6.cab
O20 - Winlogon Notify: fontcat - C:\DOCUME~1\CGEY\LOCALS~1\Temp\tactnof.dat (file missing)
O20 - Winlogon Notify: wavebin - C:\DOCUME~1\CGEY\LOCALS~1\Temp\nibevaw.dat (file missing)
O23 - Service: vfqhmtiuaium (5) - Unknown owner - C:\WINNT\system32\5.exe (file missing)
O23 - Service: xyhnbynnbogz (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe


Find and delete:
C:\WINNT\system32\jtjynujf.dll
C:\WINNT\system32\msupd6.exe

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply please.
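
The kind of entries singled out in the fix list above can be pre-sorted from a HijackThis log before a person reviews it. The following is an added example, not part of the original reply and not a HijackThis feature: the rules and reason labels are assumptions made for illustration, and the sample lines are copied from the log in this topic. A flag is a prompt for review, not a verdict (the McAfee McShield service also shows "Unknown owner" and was left alone by the helper).

```python
import re
from collections import Counter

# A HijackThis 1.99.1 entry line looks like "<section> - <detail>",
# e.g. "O2 - BHO: ..." or "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Markers HijackThis prints when the registered target is absent on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")

# Sample input: lines copied from the log posted in this topic.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINNT\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43D1C9AE-AF29-732F-2701-18DCCB05E4FD} - C:\WINNT\system32\jtjynujf.dll
O2 - BHO: (no name) - {E0A30F7B-8B73-71A3-DA9F-CB617DD92224} - C:\WINNT\system32\ogltinel.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fontcat - C:\DOCUME~1\CGEY\LOCALS~1\Temp\tactnof.dat (file missing)
O23 - Service: vfqhmtiuaium (5) - Unknown owner - C:\WINNT\system32\5.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: xyhnbynnbogz (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe
"""


def parse_entry(line):
    """Split one log line into section code and detail; None for non-entries
    (header lines, the running-process list, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    detail = m.group(2)
    return {
        "section": m.group(1),
        "detail": detail,
        "missing": bool(MISSING_RE.search(detail)),
    }


def triage(entry):
    """Return a reason label (hypothetical names) if the entry deserves a
    closer look, else None. These heuristics are assumptions for this example."""
    sec = entry["section"]
    detail = entry["detail"]
    low = detail.lower()
    if sec == "O2" and detail.startswith("BHO: (no name)"):
        if entry["missing"]:
            # CLSID still registered as a browser helper, DLL gone.
            return "orphaned-bho"
        if "\\system32\\" in low:
            # Unnamed helper object loading a DLL from the system directory.
            return "unnamed-bho-in-system32"
    if sec == "O20" and low.startswith("winlogon notify:") and "\\temp\\" in low:
        # Logon-time notification package pointing into a Temp folder.
        return "winlogon-notify-from-temp"
    if sec == "O23" and " - unknown owner - " in low:
        # No company name on the service binary; legitimate software can
        # trigger this too, so it only marks the entry for review.
        return "service-unknown-owner"
    return None


def review_log(text):
    """Return (reason, original line) for every entry that was flagged."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reason = triage(entry)
        if reason:
            findings.append((reason, line.strip()))
    return findings


def summarize(findings):
    """Count findings per reason label."""
    return Counter(reason for reason, _ in findings)


if __name__ == "__main__":
    for reason, line in review_log(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```
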

#3 ranger-007

ranger-007
  • Topic Starter

  • Members
  • 17 posts

Posted 21 February 2007 - 05:02 PM

OK. Thank you bunches. I'm downloading the antispyware part now. But I had to ask, before I go fixing files, are any of them dealing with PC Weasel? It was intentionally installed. Anything else besides that can be deleted.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 February 2007 - 05:48 PM

They all look good to fix to me :thumbsup:

#5 ranger-007

ranger-007
  • Topic Starter

  • Members
  • 17 posts

Posted 21 February 2007 - 06:41 PM

OK. I followed the instructions, but I couldn't find:

O23 - Service: vfqhmtiuaium (5) - Unknown owner - C:\WINNT\system32\5.exe (file missing)
O23 - Service: xyhnbynnbogz (MsUpdate6) - Unknown owner - C:\WINNT\system32\msupd6.exe
C:\WINNT\system32\msupd6.exe

and
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
is something my mom needs to access her work documents from home I guess.

and here are the results::: (*edit*ummm...that looks like all the stuff I deleted. yea? uh oh)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:02:59 PM 2/21/2007

+ Scan result:



C:\Program Files\HijackThis\backups\backup-20070221-161910-553.dll -> Adware.Coupons : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINNT\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\sstray.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\svhost.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\CGEY\Cookies\cgey@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\HijackThis\backups\backup-20070221-161910-153.dll -> Trojan.Golid.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CAQRJ8FP\d_15_0[1] -> Trojan.Golid.g : Cleaned with backup (quarantined).
C:\WINNT\system32\afefsjjf.dll -> Trojan.Golid.g : Cleaned with backup (quarantined).
C:\WINNT\system32\arxrgvob.dll -> Trojan.Golid.g : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:22:16 PM, on 2/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
O2 - BHO: (no name) - {050E5558-FE0C-EDC7-9F6A-C336AE3D3299} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://files.mhswebcollabsuite.com/imtapp/...jar/cnsload.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - https://dmhrsi.satx.disa.mil/jinitiator/oajinit.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

Edited by ranger-007, 21 February 2007 - 06:42 PM.


#6 RichieUK

    Malware Assassin


  • Malware Response Team
Posted 21 February 2007 - 07:05 PM

Download and scan with the free 15-day trial of Counterspy.
Once installed, launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and paste those details into a Word/Text document, then save it to your desktop.

********************************

Please run the F-Secure online virus/spyware scan using Internet Explorer:
http://support.f-secure.com/enu/home/ols3.shtml
Follow the directions in the F-Secure page for proper Installation.
Accept the License Agreement.
Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
1. Scan whole System
2. Scan all files
3. Scan whole system for rootkits
4. Scan whole system for spyware
5. Scan inside archives
6. Use advanced heuristics
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.

Reboot, post the Counterspy and F-Secure reports and a new HijackThis log in your next reply.

#7 ranger-007

  • Topic Starter

  • Members

Posted 22 February 2007 - 10:48 AM

Here they are. I think I accidentally deleted PC Weasel but oh well.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:41 AM, on 2/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
O2 - BHO: (no name) - {050E5558-FE0C-EDC7-9F6A-C336AE3D3299} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://files.mhswebcollabsuite.com/imtapp/...jar/cnsload.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - https://dmhrsi.satx.disa.mil/jinitiator/oajinit.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe



Scanning Report
Thursday, February 22, 2007 08:19:31 - 09:29:52
Computer name: HOME1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 2 malware found
Trojan-Downloader.Win32.Small.ddk (virus)
C:\19872104.EXE (Renamed & Submitted)
C:\WINNT\19872104.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 21022
System: 3584
Not scanned: 2
Actions:
Disinfected: 0
Renamed: 2
Deleted: 0
None: 0
Submitted: 2
Files not scanned:
C:\PAGEFILE.SYS
C:\WINNT\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 7.0.171, 2007-02-22
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Libra: 2.4.2, 2007-02-21
F-Secure Orion: 1.2.37, 2007-02-22
F-Secure Pegasus: 1.19.0, 2007-01-21
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

Scan History Details
Start Date: 2/21/2007 6:04:08 PM
End Date: 2/21/2007 6:24:46 PM
Total Time: 20 Min 38 Sec
Detected security risks

CWS.CameUp Hijacker more information...
Details: CWS.CameUp is an adware application that hijacks the user's Internet Explorers start page, and prevents the user from changing the URL back to their preferred homepage.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN


AvenueMedia.InternetOptimizer Browser Plug-in more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER ACTIVE ALERT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER ACTIVE ALERT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER ACTIVE ALERT
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER SOFTWARE INSTALLER
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER SOFTWARE INSTALLER
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER SOFTWARE INSTALLER
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER


E2Give Adware (General) more information...
Details: E2Give is an Internet Explorer Browser Helper Object (BHO) that redirects accesses to web merchants in order to claim their affiliate fees.
Status: Deleted

Files detected
C:\WINNT\system32\data.~
C:\WINNT\system32\log.~


IEPlugin Adware (General) more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted

Files detected
C:\Documents and Settings\CGEY\Local Settings\TempWM_FUINS.bat


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ISTSVC
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ISTSVC
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ISTSVC


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Files detected
C:\PROGRAM FILES\AWS\WeatherBug\REMOVE.EXE
C:\PROGRAM FILES\AWS
C:\PROGRAM FILES\AWS\WEATHERBUG

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{04A38F6B-006F-4247-BA4C-02A139D5531C}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MINIBUGTRANSPORTER.MINIBUGTRANSPORTERX\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{3C2D2A1E-031F-4397-9614-87C932A848E0}\1.0\HELPDIR
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-57989841-854245398-1343024091-1000\SOFTWARE\AWS\weather\setup


Zuvio.OpenSite Hijacker more information...
Details: OpenSite displays advertisements based on keywords in the address bar, and may also change the default home page in Internet Explorer.
Status: Deleted

Files detected
C:\PROGRAM FILES\OPEN SITE


PC Weasel Commercial Key Logger more information...
Status: Deleted

Files detected
C:\PROGRAM FILES\PC WEASEL\bak\PCWeasel.exe
C:\PROGRAM FILES\PC WEASEL\CleanReg.exe

Edited by ranger-007, 22 February 2007 - 11:08 AM.


#8 ranger-007

ranger-007
  • Topic Starter

  • Members
  • 17 posts

Posted 22 February 2007 - 11:10 AM

So am I still trying to delete Spy Sheriff?

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 22 February 2007 - 11:22 AM

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 – Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

#10 ranger-007

ranger-007
  • Topic Starter

  • Members
  • 17 posts

Posted 22 February 2007 - 11:33 AM

SmitFraudFix v2.144

Scan done at 10:14:29.99, Thu 02/22/2007
Run from C:\Documents and Settings\CGEY\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CGEY


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CGEY\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CGEY\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#11 RichieUK

  • Malware Response Team

Posted 22 February 2007 - 11:48 AM

Well you're certainly not infected with Spysheriff.

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished, a text file will open 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet; please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary temporarily disable/turn off your Antivirus program).

Post the Comboscan.txt from the Comboscan into your next reply.

#12 ranger-007

  • Topic Starter

Posted 22 February 2007 - 11:55 AM

That's good. But we're still running tests, so is there something? Or is this like preventive maint.? =)


ComboScan v20070221.16 run by CGEY on 2007-02-22 at 10:34:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Performed disk cleanup.


-- HijackThis (run as CGEY.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:34:30 AM, on 2/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\CGEY\Desktop\comboscan.exe
C:\Program Files\HijackThis\CGEY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
O2 - BHO: (no name) - {050E5558-FE0C-EDC7-9F6A-C336AE3D3299} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06DCC00C-821A-8B53-27D3-031DD3E5ECD9} - (no file)
O2 - BHO: (no name) - {0B51759C-4CF3-238A-FF2C-9417133AC00E} - (no file)
O2 - BHO: (no name) - {0BDF2A95-3F5A-66FB-58CD-EB045BCCD127} - (no file)
O2 - BHO: (no name) - {0E518F62-9B16-3CAB-16DC-1D6F0CD5C72E} - (no file)
O2 - BHO: (no name) - {114913D3-184A-47AD-CE60-C0D460E0B89E} - (no file)
O2 - BHO: (no name) - {119C92D5-8A65-439B-CC9F-5EF59240DFA2} - (no file)
O2 - BHO: (no name) - {13471D63-9D62-BB6F-33AB-8E021ADB15DE} - (no file)
O2 - BHO: (no name) - {13E26E36-513C-CAEC-23DF-308281268B82} - (no file)
O2 - BHO: (no name) - {1C6B2F8F-6843-B9DC-D1C1-8B066B615CAC} - (no file)
O2 - BHO: (no name) - {1D378946-6285-C898-BBBC-C4612B035AFA} - (no file)
O2 - BHO: (no name) - {270343E5-08B6-8303-498D-17E3A8CE4AF6} - (no file)
O2 - BHO: (no name) - {277C8BC3-819D-6CE7-9470-B51A6054EBAD} - (no file)
O2 - BHO: (no name) - {282A0F45-4C75-D1B3-7D1A-3FE1FDA1FC4A} - (no file)
O2 - BHO: (no name) - {31AED17D-55BA-FF5D-DA02-D1ED0FBEE8A1} - (no file)
O2 - BHO: (no name) - {362D77E9-3746-426B-16FD-C955AC2B80A5} - (no file)
O2 - BHO: (no name) - {38C5C06F-B701-AB17-4580-048A6D208280} - (no file)
O2 - BHO: (no name) - {39C5B42E-3D81-68B9-9C67-F37773324C65} - (no file)
O2 - BHO: (no name) - {39E49DCF-C2A7-5CF7-9460-0B4E3F64C1E7} - (no file)
O2 - BHO: (no name) - {3DDBD5AB-C729-F799-8DEE-7EB2AC71F184} - (no file)
O2 - BHO: (no name) - {3FDD8BDA-B490-4F39-77C3-23E33A89019F} - (no file)
O2 - BHO: (no name) - {43D1C9AE-AF29-732F-2701-18DCCB05E4FD} - (no file)
O2 - BHO: (no name) - {446AA9EB-A987-6BC7-5B12-17697DC5BFFB} - (no file)
O2 - BHO: (no name) - {477AFA08-5294-C8E1-C079-1F114B868287} - (no file)
O2 - BHO: (no name) - {47FD1A4B-0C59-EA9C-8DBB-B93D37025D9F} - (no file)
O2 - BHO: (no name) - {4C30EE36-48B4-B782-DEB2-EA2E3F50A7D4} - (no file)
O2 - BHO: (no name) - {4C4CF45A-3C1E-D765-CC58-5FC663E52953} - (no file)
O2 - BHO: (no name) - {4C9BDE33-82F4-806F-03A1-019A98302AD1} - (no file)
O2 - BHO: (no name) - {4D33CD40-69D8-5879-CBB9-F556C5168BE5} - (no file)
O2 - BHO: (no name) - {4F722CB0-7B12-BB48-4205-3C9AA9149C4B} - (no file)
O2 - BHO: (no name) - {519024E4-A5AD-7D3C-0F69-9761A942453C} - (no file)
O2 - BHO: (no name) - {520F8451-9C4C-C442-CBC5-923B05515FD5} - (no file)
O2 - BHO: (no name) - {528FC82B-F796-B966-9C1D-ED80814F59F4} - (no file)
O2 - BHO: (no name) - {558AE84A-10A7-EE53-86D4-44EE399D7723} - (no file)
O2 - BHO: (no name) - {578A36DB-C34F-2F5B-BC45-C54F4B2BEF86} - (no file)
O2 - BHO: (no name) - {5BCEFCC6-D9C6-6D55-CFA8-DAA2BC98BE49} - (no file)
O2 - BHO: (no name) - {62221C3E-48C7-539D-987E-70F8974FFD77} - (no file)
O2 - BHO: (no name) - {629484DF-3DBE-7F80-3699-1B2468233287} - (no file)
O2 - BHO: (no name) - {656A3F48-BB89-F412-4C9B-DE3382F4806F} - (no file)
O2 - BHO: (no name) - {66B788FC-823E-0FB2-E506-FA4F55233022} - (no file)
O2 - BHO: (no name) - {67AE2A9A-679A-A027-9906-C5C455612579} - (no file)
O2 - BHO: (no name) - {6849BAFE-A94C-9BDE-BA57-3DA6F97F2348} - (no file)
O2 - BHO: (no name) - {68E602D4-03F6-0CEF-A7C1-46C1D93DF620} - (no file)
O2 - BHO: (no name) - {69A8DA1A-31B3-C719-A4D4-824AA4D8A7A0} - (no file)
O2 - BHO: (no name) - {6A5DD275-06AC-AE04-EEC1-6473C3E8C354} - (no file)
O2 - BHO: (no name) - {6F718049-2F8C-210E-F202-9191A0AD54BF} - (no file)
O2 - BHO: (no name) - {70717F23-A4A5-714A-CC0D-5DBFCA5902A4} - (no file)
O2 - BHO: (no name) - {710727FC-05F9-BC73-F6D9-766735BD1055} - (no file)
O2 - BHO: (no name) - {80C6C54B-05D4-19EF-1902-9067F01CB0B2} - (no file)
O2 - BHO: (no name) - {83E897B8-A254-350A-CA28-E4500E65C579} - (no file)
O2 - BHO: (no name) - {84FFB8BD-DE71-F908-69BE-3BE5939F12A7} - (no file)
O2 - BHO: (no name) - {876FAAFD-1116-E642-3F02-9089E5180E28} - (no file)
O2 - BHO: (no name) - {8A67185A-DFE5-DF0E-9D91-49321DBD8A63} - (no file)
O2 - BHO: (no name) - {8DBBB93D-3702-5D9F-0DDB-5F2829572040} - (no file)
O2 - BHO: (no name) - {8FD3AA9A-8C51-C4B9-61AB-50D81F1F8F7E} - (no file)
O2 - BHO: (no name) - {9338B1D5-9DAA-0B85-F2BC-FB2A4CCFECA9} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {945FC1AA-8AF8-A4A3-9E1D-8F6340D91A9E} - (no file)
O2 - BHO: (no name) - {9CFF764D-1444-2EA0-16F7-59F49763E6E5} - (no file)
O2 - BHO: (no name) - {A11166D2-8498-7887-03A5-0999A16247D0} - (no file)
O2 - BHO: (no name) - {A33B3844-631B-5089-CA98-409199468AC8} - (no file)
O2 - BHO: (no name) - {A458692C-C0E8-955B-2A90-1875BAEEC437} - (no file)
O2 - BHO: (no name) - {A4EB1EE8-3613-18C5-8993-FFB8EDD1027A} - (no file)
O2 - BHO: (no name) - {A517C0D3-9901-34CF-3CDD-2E2D635DB829} - (no file)
O2 - BHO: (no name) - {A89CA73E-CD7D-10FB-E976-4652EB98C8F4} - (no file)
O2 - BHO: (no name) - {AA70B7BC-E713-B137-0B8C-4DC1F456FF93} - (no file)
O2 - BHO: (no name) - {AB8DB237-0CE1-A972-1B2B-5CE0FFFD1C3F} - (no file)
O2 - BHO: (no name) - {AC231102-3147-6723-0DED-D29AFD966E84} - (no file)
O2 - BHO: (no name) - {AC2B0794-4C79-4989-E4AE-DB9F7C90A8B1} - (no file)
O2 - BHO: (no name) - {AE35DAFE-CE81-C083-6B56-D93411B85036} - (no file)
O2 - BHO: (no name) - {AF1D0EB8-7CDE-856D-16E2-A439B9CE1F4A} - (no file)
O2 - BHO: (no name) - {AF2CBC69-416A-2064-C0E7-DBBB4AA4A5D1} - (no file)
O2 - BHO: (no name) - {AF553760-D999-F672-40DF-4938B1E3DC46} - (no file)
O2 - BHO: (no name) - {B5B64B29-5EB4-F1CF-9C39-8B6260D40AD9} - (no file)
O2 - BHO: (no name) - {BC85BFF6-7F02-6FB4-B976-B5418E30D80A} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C3E53255-32FB-B2F9-2688-9B93B511E388} - (no file)
O2 - BHO: (no name) - {C5122225-8459-BF6B-D007-8A5767993D43} - (no file)
O2 - BHO: (no name) - {C8CA2DA0-B69C-D575-4843-23C89AE17A3E} - (no file)
O2 - BHO: (no name) - {CEA2E8DC-3B01-25CD-7544-BEA8F3741EF4} - (no file)
O2 - BHO: (no name) - {D4C0B0D5-8AA6-7574-747E-7BC1DC8B5B83} - (no file)
O2 - BHO: (no name) - {D4EC93F1-3315-0EEE-3EA9-81FE429F3D79} - (no file)
O2 - BHO: (no name) - {D77DBE40-9923-7760-9C3E-D93FFE6EDBD1} - (no file)
O2 - BHO: (no name) - {D92194E7-FE61-72D2-8C4C-FC3716A81A77} - (no file)
O2 - BHO: (no name) - {DB093CBD-2E6D-8AC7-9B72-4F46E2C21C88} - (no file)
O2 - BHO: (no name) - {DF87B759-39F4-6E12-768E-929C949D56F6} - (no file)
O2 - BHO: (no name) - {E06FC566-61AB-D2FC-5B1A-B47BD4BDDBFB} - (no file)
O2 - BHO: (no name) - {E0A30F7B-8B73-71A3-DA9F-CB617DD92224} - (no file)
O2 - BHO: (no name) - {E436E03D-B37F-ED57-A2F3-DEDE3793CCF6} - (no file)
O2 - BHO: (no name) - {E92A9C25-C118-D5C1-1A55-D67531826253} - (no file)
O2 - BHO: (no name) - {EA30C14B-0A3C-25CB-D140-D603BC6DAB76} - (no file)
O2 - BHO: (no name) - {ECA6015D-4B79-CF8D-1BB8-7779FA4DCD2A} - (no file)
O2 - BHO: (no name) - {EE29F4DB-65F0-E2F7-411C-BF76E443B740} - (no file)
O2 - BHO: (no name) - {F2DE4280-102F-0680-003F-8981A03D8981} - (no file)
O2 - BHO: (no name) - {F2DE4280-102F-0680-00EF-7B81A0ED7B81} - (no file)
O2 - BHO: (no name) - {F3CC2E56-060E-41D1-4465-B59D3526FC49} - (no file)
O2 - BHO: (no name) - {F42E3E1D-4958-6206-E6E5-B12283968EC1} - (no file)
O2 - BHO: (no name) - {F708D16F-268F-AE75-EDB3-C4C7BAD2CE19} - (no file)
O2 - BHO: (no name) - {FA1250D0-8461-DD7B-BC82-5578E1705466} - (no file)
O2 - BHO: (no name) - {FA1EDD16-EFD8-9329-649F-B8971261E89C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://files.mhswebcollabsuite.com/imtapp/...jar/cnsload.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - https://dmhrsi.satx.disa.mil/jinitiator/oajinit.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe


-- HijackThis Fixed Entries (C:\Program Files\HijackThis\backups\) --------------

backup-20070221-161910-100 O2 - BHO: (no name) - {656A3F48-BB89-F412-4C9B-DE3382F4806F} - (no file)
backup-20070221-161910-117 O2 - BHO: (no name) - {F3CC2E56-060E-41D1-4465-B59D3526FC49} - (no file)
backup-20070221-161910-134 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
backup-20070221-161910-145 O2 - BHO: (no name) - {AB8DB237-0CE1-A972-1B2B-5CE0FFFD1C3F} - (no file)
backup-20070221-161910-153 O2 - BHO: (no name) - {43D1C9AE-AF29-732F-2701-18DCCB05E4FD} - C:\WINNT\system32\jtjynujf.dll
backup-20070221-161910-160 O2 - BHO: (no name) - {67AE2A9A-679A-A027-9906-C5C455612579} - (no file)
backup-20070221-161910-164 O2 - BHO: (no name) - {AF2CBC69-416A-2064-C0E7-DBBB4AA4A5D1} - (no file)
backup-20070221-161910-181 O2 - BHO: (no name) - {F42E3E1D-4958-6206-E6E5-B12283968EC1} - (no file)
backup-20070221-161910-190 O2 - BHO: (no name) - {D77DBE40-9923-7760-9C3E-D93FFE6EDBD1} - (no file)
backup-20070221-161910-199 O2 - BHO: (no name) - {0E518F62-9B16-3CAB-16DC-1D6F0CD5C72E} - (no file)
backup-20070221-161910-200 O2 - BHO: (no name) - {CEA2E8DC-3B01-25CD-7544-BEA8F3741EF4} - (no file)
backup-20070221-161910-209 O2 - BHO: (no name) - {629484DF-3DBE-7F80-3699-1B2468233287} - (no file)
backup-20070221-161910-210 O2 - BHO: (no name) - {9CFF764D-1444-2EA0-16F7-59F49763E6E5} - (no file)
backup-20070221-161910-214 O2 - BHO: (no name) - {876FAAFD-1116-E642-3F02-9089E5180E28} - (no file)
backup-20070221-161910-224 O2 - BHO: (no name) - {558AE84A-10A7-EE53-86D4-44EE399D7723} - (no file)
backup-20070221-161910-234 O2 - BHO: (no name) - {83E897B8-A254-350A-CA28-E4500E65C579} - (no file)
backup-20070221-161910-236 O2 - BHO: (no name) - {0BDF2A95-3F5A-66FB-58CD-EB045BCCD127} - (no file)
backup-20070221-161910-242 O2 - BHO: (no name) - {38C5C06F-B701-AB17-4580-048A6D208280} - (no file)
backup-20070221-161910-270 O2 - BHO: (no name) - {3FDD8BDA-B490-4F39-77C3-23E33A89019F} - (no file)
backup-20070221-161910-274 O2 - BHO: (no name) - {A33B3844-631B-5089-CA98-409199468AC8} - (no file)
backup-20070221-161910-288 O2 - BHO: (no name) - {AC2B0794-4C79-4989-E4AE-DB9F7C90A8B1} - (no file)
backup-20070221-161910-289 O2 - BHO: (no name) - {A4EB1EE8-3613-18C5-8993-FFB8EDD1027A} - (no file)
backup-20070221-161910-293 O2 - BHO: (no name) - {E06FC566-61AB-D2FC-5B1A-B47BD4BDDBFB} - (no file)
backup-20070221-161910-303 O2 - BHO: (no name) - {277C8BC3-819D-6CE7-9470-B51A6054EBAD} - (no file)
backup-20070221-161910-306 O2 - BHO: (no name) - {8FD3AA9A-8C51-C4B9-61AB-50D81F1F8F7E} - (no file)
backup-20070221-161910-319 O2 - BHO: (no name) - {3DDBD5AB-C729-F799-8DEE-7EB2AC71F184} - (no file)
backup-20070221-161910-327 O2 - BHO: (no name) - {13E26E36-513C-CAEC-23DF-308281268B82} - (no file)
backup-20070221-161910-329 O2 - BHO: (no name) - {E0A30F7B-8B73-71A3-DA9F-CB617DD92224} - C:\WINNT\system32\ogltinel.dll (file missing)
backup-20070221-161910-334 O2 - BHO: (no name) - {13471D63-9D62-BB6F-33AB-8E021ADB15DE} - (no file)
backup-20070221-161910-340 O2 - BHO: (no name) - {710727FC-05F9-BC73-F6D9-766735BD1055} - (no file)
backup-20070221-161910-341 O2 - BHO: (no name) - {B5B64B29-5EB4-F1CF-9C39-8B6260D40AD9} - (no file)
backup-20070221-161910-350 O2 - BHO: (no name) - {1D378946-6285-C898-BBBC-C4612B035AFA} - (no file)
backup-20070221-161910-372 O2 - BHO: (no name) - {D92194E7-FE61-72D2-8C4C-FC3716A81A77} - (no file)
backup-20070221-161910-394 O2 - BHO: (no name) - {80C6C54B-05D4-19EF-1902-9067F01CB0B2} - (no file)
backup-20070221-161910-399 O2 - BHO: (no name) - {AF553760-D999-F672-40DF-4938B1E3DC46} - (no file)
backup-20070221-161910-402 O2 - BHO: (no name) - {F2DE4280-102F-0680-003F-8981A03D8981} - C:\WINNT\system32\ymhkhszx.dll (file missing)
backup-20070221-161910-403 O2 - BHO: (no name) - {C3E53255-32FB-B2F9-2688-9B93B511E388} - (no file)
backup-20070221-161910-421 O2 - BHO: (no name) - {0B51759C-4CF3-238A-FF2C-9417133AC00E} - (no file)
backup-20070221-161910-447 O2 - BHO: (no name) - {47FD1A4B-0C59-EA9C-8DBB-B93D37025D9F} - (no file)
backup-20070221-161910-452 O2 - BHO: (no name) - {5BCEFCC6-D9C6-6D55-CFA8-DAA2BC98BE49} - (no file)
backup-20070221-161910-456 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
backup-20070221-161910-459 O2 - BHO: (no name) - {6A5DD275-06AC-AE04-EEC1-6473C3E8C354} - (no file)
backup-20070221-161910-466 O2 - BHO: (no name) - {114913D3-184A-47AD-CE60-C0D460E0B89E} - (no file)
backup-20070221-161910-472 O2 - BHO: (no name) - {4F722CB0-7B12-BB48-4205-3C9AA9149C4B} - (no file)
backup-20070221-161910-480 O2 - BHO: (no name) - {AC231102-3147-6723-0DED-D29AFD966E84} - (no file)
backup-20070221-161910-481 O2 - BHO: (no name) - {FA1EDD16-EFD8-9329-649F-B8971261E89C} - (no file)
backup-20070221-161910-484 O2 - BHO: (no name) - {D4C0B0D5-8AA6-7574-747E-7BC1DC8B5B83} - (no file)
backup-20070221-161910-500 O2 - BHO: (no name) - {519024E4-A5AD-7D3C-0F69-9761A942453C} - (no file)
backup-20070221-161910-501 O2 - BHO: (no name) - {AA70B7BC-E713-B137-0B8C-4DC1F456FF93} - (no file)
backup-20070221-161910-545 O2 - BHO: (no name) - {282A0F45-4C75-D1B3-7D1A-3FE1FDA1FC4A} - (no file)
backup-20070221-161910-548 O2 - BHO: (no name) - {39E49DCF-C2A7-5CF7-9460-0B4E3F64C1E7} - (no file)
backup-20070221-161910-553 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab
backup-20070221-161910-575 O2 - BHO: (no name) - {F2DE4280-102F-0680-00EF-7B81A0ED7B81} - (no file)
backup-20070221-161910-589 O2 - BHO: (no name) - {477AFA08-5294-C8E1-C079-1F114B868287} - (no file)
backup-20070221-161910-612 O2 - BHO: (no name) - {A11166D2-8498-7887-03A5-0999A16247D0} - (no file)
backup-20070221-161910-613 O2 - BHO: (no name) - {1C6B2F8F-6843-B9DC-D1C1-8B066B615CAC} - (no file)
backup-20070221-161910-627 O2 - BHO: (no name) - {F708D16F-268F-AE75-EDB3-C4C7BAD2CE19} - (no file)
backup-20070221-161910-646 O2 - BHO: (no name) - {446AA9EB-A987-6BC7-5B12-17697DC5BFFB} - (no file)
backup-20070221-161910-649 O2 - BHO: (no name) - {C8CA2DA0-B69C-D575-4843-23C89AE17A3E} - (no file)
backup-20070221-161910-665 O2 - BHO: (no name) - {119C92D5-8A65-439B-CC9F-5EF59240DFA2} - (no file)
backup-20070221-161910-682 O2 - BHO: (no name) - {520F8451-9C4C-C442-CBC5-923B05515FD5} - (no file)
backup-20070221-161910-695 O2 - BHO: (no name) - {A89CA73E-CD7D-10FB-E976-4652EB98C8F4} - (no file)
backup-20070221-161910-699 O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
backup-20070221-161910-709 O2 - BHO: (no name) - {6F718049-2F8C-210E-F202-9191A0AD54BF} - (no file)
backup-20070221-161910-714 O2 - BHO: (no name) - {4C9BDE33-82F4-806F-03A1-019A98302AD1} - (no file)
backup-20070221-161910-719 O2 - BHO: (no name) - {A517C0D3-9901-34CF-3CDD-2E2D635DB829} - (no file)
backup-20070221-161910-723 O2 - BHO: (no name) - {C5122225-8459-BF6B-D007-8A5767993D43} - (no file)
backup-20070221-161910-727 O2 - BHO: (no name) - {DF87B759-39F4-6E12-768E-929C949D56F6} - (no file)
backup-20070221-161910-736 O2 - BHO: (no name) - {E92A9C25-C118-D5C1-1A55-D67531826253} - (no file)
backup-20070221-161910-737 O2 - BHO: (no name) - {68E602D4-03F6-0CEF-A7C1-46C1D93DF620} - (no file)
backup-20070221-161910-758 O2 - BHO: (no name) - {FA1250D0-8461-DD7B-BC82-5578E1705466} - (no file)
backup-20070221-161910-766 O2 - BHO: (no name) - {A458692C-C0E8-955B-2A90-1875BAEEC437} - (no file)
backup-20070221-161910-775 O2 - BHO: (no name) - {4D33CD40-69D8-5879-CBB9-F556C5168BE5} - (no file)
backup-20070221-161910-779 O2 - BHO: (no name) - {BC85BFF6-7F02-6FB4-B976-B5418E30D80A} - (no file)
backup-20070221-161910-786 O2 - BHO: (no name) - {AE35DAFE-CE81-C083-6B56-D93411B85036} - (no file)
backup-20070221-161910-790 O2 - BHO: (no name) - {578A36DB-C34F-2F5B-BC45-C54F4B2BEF86} - (no file)
backup-20070221-161910-793 O2 - BHO: (no name) - {EE29F4DB-65F0-E2F7-411C-BF76E443B740} - (no file)
backup-20070221-161910-820 O2 - BHO: (no name) - {31AED17D-55BA-FF5D-DA02-D1ED0FBEE8A1} - (no file)
backup-20070221-161910-827 O2 - BHO: (no name) - {DB093CBD-2E6D-8AC7-9B72-4F46E2C21C88} - (no file)
backup-20070221-161910-839 O2 - BHO: (no name) - {62221C3E-48C7-539D-987E-70F8974FFD77} - (no file)
backup-20070221-161910-840 O2 - BHO: (no name) - {EA30C14B-0A3C-25CB-D140-D603BC6DAB76} - (no file)
backup-20070221-161910-855 O2 - BHO: (no name) - {9338B1D5-9DAA-0B85-F2BC-FB2A4CCFECA9} - (no file)
backup-20070221-161910-856 O2 - BHO: (no name) - {050E5558-FE0C-EDC7-9F6A-C336AE3D3299} - (no file)
backup-20070221-161910-864 O2 - BHO: (no name) - {84FFB8BD-DE71-F908-69BE-3BE5939F12A7} - (no file)
backup-20070221-161910-865 O2 - BHO: (no name) - {8A67185A-DFE5-DF0E-9D91-49321DBD8A63} - (no file)
backup-20070221-161910-871 O2 - BHO: (no name) - {528FC82B-F796-B966-9C1D-ED80814F59F4} - (no file)
backup-20070221-161910-872 O2 - BHO: (no name) - {6849BAFE-A94C-9BDE-BA57-3DA6F97F2348} - (no file)
backup-20070221-161910-873 O2 - BHO: (no name) - {270343E5-08B6-8303-498D-17E3A8CE4AF6} - (no file)
backup-20070221-161910-876 O2 - BHO: (no name) - {69A8DA1A-31B3-C719-A4D4-824AA4D8A7A0} - (no file)
backup-20070221-161910-897 O2 - BHO: (no name) - {D4EC93F1-3315-0EEE-3EA9-81FE429F3D79} - (no file)
backup-20070221-161910-907 O2 - BHO: (no name) - {362D77E9-3746-426B-16FD-C955AC2B80A5} - (no file)
backup-20070221-161910-911 O2 - BHO: (no name) - {8DBBB93D-3702-5D9F-0DDB-5F2829572040} - (no file)
backup-20070221-161910-912 O2 - BHO: (no name) - {66B788FC-823E-0FB2-E506-FA4F55233022} - (no file)
backup-20070221-161910-920 O2 - BHO: (no name) - {4C30EE36-48B4-B782-DEB2-EA2E3F50A7D4} - (no file)
backup-20070221-161910-930 O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
backup-20070221-161910-933 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
backup-20070221-161910-939 O2 - BHO: (no name) - {0317792C-35F4-229D-7AAB-EA0BC8CDFA15} - (no file)
backup-20070221-161910-943 O2 - BHO: (no name) - {945FC1AA-8AF8-A4A3-9E1D-8F6340D91A9E} - (no file)
backup-20070221-161910-947 O2 - BHO: (no name) - {AF1D0EB8-7CDE-856D-16E2-A439B9CE1F4A} - (no file)
backup-20070221-161910-955 O2 - BHO: (no name) - {E436E03D-B37F-ED57-A2F3-DEDE3793CCF6} - (no file)
backup-20070221-161910-958 O2 - BHO: (no name) - {4C4CF45A-3C1E-D765-CC58-5FC663E52953} - (no file)
backup-20070221-161910-960 O2 - BHO: (no name) - {70717F23-A4A5-714A-CC0D-5DBFCA5902A4} - (no file)
backup-20070221-161910-971 O2 - BHO: (no name) - {39C5B42E-3D81-68B9-9C67-F37773324C65} - (no file)
backup-20070221-161910-996 O2 - BHO: (no name) - {ECA6015D-4B79-CF8D-1BB8-7779FA4DCD2A} - (no file)
backup-20070221-161912-504 O20 - Winlogon Notify: wavebin - C:\DOCUME~1\CGEY\LOCALS~1\Temp\nibevaw.dat (file missing)
backup-20070221-161912-786 O20 - Winlogon Notify: fontcat - C:\DOCUME~1\CGEY\LOCALS~1\Temp\tactnof.dat (file missing)
backup-20070221-161912-860 O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://axis-73356a.axiscam.net:1280/activex/AMC.cab
backup-20070221-161912-885 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://i.grab.com/media/d82c8d/games/files...aploader_v6.cab

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINNT\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - unable to read key
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3S apxgtaps - C:\WINNT\system32\drivers\apxgtaps.sys (not found)
1R AVG Anti-Spyware Driver - C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINNT\system32\drivers\AvgAsCln.sys
3S bcjtrsly - C:\WINNT\system32\drivers\bcjtrsly.sys (not found)
3S CCDECODE (Closed Caption Decoder) - C:\WINNT\system32\drivers\ccdecode.sys
3S cibgqqhu - C:\WINNT\system32\drivers\cibgqqhu.sys (not found)
3R ctljystk (Game Port for Creative SB Live!) - C:\WINNT\system32\drivers\ctljystk.sys
3S ddsdaoti - C:\WINNT\system32\drivers\ddsdaoti.sys (not found)
3S dggjtahn - C:\WINNT\system32\drivers\dggjtahn.sys (not found)
3R dsdd - C:\WINNT\system32\drivers\dsvideo.sys
3S EL90BC (3Com EtherLink XL B/C Adapter Driver) - C:\WINNT\system32\drivers\el90xbc5.sys
3R emu10k (Creative SB Live! Basic (WDM)) - C:\WINNT\system32\drivers\emu10K1.sys
3S feyalylr - C:\WINNT\system32\drivers\feyalylr.sys (not found)
3S fffcvzhi - C:\WINNT\system32\drivers\fffcvzhi.sys (not found)
3S gspeqrfk - C:\WINNT\system32\drivers\gspeqrfk.sys (not found)
3S gysornjs - C:\WINNT\system32\drivers\gysornjs.sys (not found)
2S HidUsb (Microsoft HID Class Driver) - C:\WINNT\system32\drivers\hidusb.sys
3R HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINNT\system32\drivers\HPZid412.sys
3R HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINNT\system32\drivers\HPZipr12.sys
3R HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINNT\system32\drivers\HPZius12.sys
3R HSFHWBS2 - C:\WINNT\system32\drivers\HSFHWBS2.sys
3R HSF_DP - C:\WINNT\system32\drivers\HSF_DP.sys
3S iaalmcwz - C:\WINNT\system32\drivers\iaalmcwz.sys (not found)
3S imzoogpf - C:\WINNT\system32\drivers\imzoogpf.sys (not found)
3S irzzdeji - C:\WINNT\system32\drivers\irzzdeji.sys (not found)
3S jextbtkf - C:\WINNT\system32\drivers\jextbtkf.sys (not found)
3S jnbuwrrd - C:\WINNT\system32\drivers\jnbuwrrd.sys (not found)
1S kbdhid (Keyboard HID Driver) - C:\WINNT\system32\drivers\kbdhid.sys
3S kjmmiiig - C:\WINNT\system32\drivers\kjmmiiig.sys (not found)
3S kjsuergs - C:\WINNT\system32\drivers\kjsuergs.sys (not found)
3S kknmsblr - C:\WINNT\system32\drivers\kknmsblr.sys (not found)
3S ksaoqgbx - C:\WINNT\system32\drivers\ksaoqgbx.sys (not found)
3S lgcxfjdw - C:\WINNT\system32\drivers\lgcxfjdw.sys (not found)
3S lpryleto - C:\WINNT\system32\drivers\lpryleto.sys (not found)
3S lvsjpwad - C:\WINNT\system32\drivers\lvsjpwad.sys (not found)
2R mdmxsdk - C:\WINNT\system32\drivers\mdmxsdk.sys
3S meinkjtd - C:\WINNT\system32\drivers\meinkjtd.sys (not found)
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINNT\system32\drivers\MODEMCSA.sys
3S MPE (BDA MPE Filter) - C:\WINNT\system32\drivers\mpe.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINNT\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINNT\system32\drivers\nabtsfec.sys
3R NaiFiltr - C:\WINNT\system32\drivers\NaiFiltr.sys
0R NaiFsRec - C:\WINNT\system32\drivers\NaiFsRec.sys
3S nhylldcx - C:\WINNT\system32\drivers\nhylldcx.sys (not found)
3R nv4 - C:\WINNT\system32\drivers\nv4_mini.sys
3S odzgcegr - C:\WINNT\system32\drivers\odzgcegr.sys (not found)
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINNT\system32\drivers\ohci1394.sys
3S ooaobzjb - C:\WINNT\system32\drivers\ooaobzjb.sys (not found)
3S pczvmrzh - C:\WINNT\system32\drivers\pczvmrzh.sys (not found)
3R pfc (Padus ASPI Shell) - C:\WINNT\system32\drivers\pfc.sys
3S phqghume - C:\WINNT\system32\drivers\phqghume.sys (not found)
0R PxHelp20 - C:\WINNT\system32\drivers\pxhelp20.sys
3S qpocmmiz - C:\WINNT\system32\drivers\qpocmmiz.sys (not found)
3S qqrvuclg - C:\WINNT\system32\drivers\qqrvuclg.sys (not found)
3S qxigobcz - C:\WINNT\system32\drivers\qxigobcz.sys (not found)
3S rmvrviya - C:\WINNT\system32\drivers\rmvrviya.sys (not found)
1R SASDIFSV - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
3R SASENUM - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
1R SASKUTIL - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2R SBAPIFS (CounterSpy Filter Driver) - C:\WINNT\system32\drivers\sbapifs.sys
0R SBHR - C:\WINNT\system32\drivers\sbhr.sys
3S SLIP (BDA Slip De-Framer) - C:\WINNT\system32\drivers\slip.sys
1R sp_rsdrv2 (Spyware Terminator Driver 2) - C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys
3S streamip (BDA IPSink) - C:\WINNT\system32\drivers\streamip.sys
3R usbcm (USB Cable Modem 351000 NDIS Driver) - C:\WINNT\system32\drivers\usbcm.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINNT\system32\drivers\usbprint.sys
3R usbscan (USB Scanner Driver) - C:\WINNT\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINNT\system32\drivers\USBSTOR.SYS
3S USB_RNDIS (USB Remote NDIS Network Device Driver) - C:\WINNT\system32\drivers\usb8023k.sys
3S vhddsnkz - C:\WINNT\system32\drivers\vhddsnkz.sys (not found)
3S whlxbiyo - C:\WINNT\system32\drivers\whlxbiyo.sys (not found)
3R winachsf - C:\WINNT\system32\drivers\HSF_CNXT.sys
3S wjmkxqev - C:\WINNT\system32\drivers\wjmkxqev.sys (not found)
2R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINNT\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINNT\system32\drivers\wstcodec.sys
3S wwwtaayq - C:\WINNT\system32\drivers\wwwtaayq.sys (not found)
3S xbucnvqx - C:\WINNT\system32\drivers\xbucnvqx.sys (not found)
3S xbvwhtld - C:\WINNT\system32\drivers\xbvwhtld.sys (not found)
3S xkhpokgb - C:\WINNT\system32\drivers\xkhpokgb.sys (not found)
3S xtkhzfer - C:\WINNT\system32\drivers\xtkhzfer.sys (not found)
3S yunucbhx - C:\WINNT\system32\drivers\yunucbhx.sys (not found)
3S zhmqnwgu - C:\WINNT\system32\drivers\zhmqnwgu.sys (not found)
3S zkbglpjq - C:\WINNT\system32\drivers\zkbglpjq.sys (not found)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S 5 (vfqhmtiuaium) - C:\WINNT\system32\5.exe
3S aspnet_state (ASP.NET State Service) - C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AVG Anti-Spyware Guard - C:\Documents and Settings\CGEY\Desktop\Computer Cleaning Tools\AVG Anti-Spyware 7.5\guard.exe
3R McShield (McAfee.com McShield) - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
2R McTskshd.exe (McAfee Task Scheduler) - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
3S mcupdmgr.exe (McAfee SecurityCenter Update Manager) - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
2R MCVSRte (McAfee.com VirusScan Online Realtime Engine) - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
2R MskService (McAfee SpamKiller Server) - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
4S MsUpdate6 (xyhnbynnbogz) - C:\WINNT\system32\msupd6.exe
2R Pml Driver HPZ12 - C:\WINNT\system32\HPZipm12.exe
2R SBCSSvc (Sunbelt CounterSpy Antispyware) - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
2R StiSvc (Still Image Service) - C:\WINNT\system32\stisvc.exe
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINNT\System32\svchost.exe -k netsvcs


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-21 18:04:08 0 --a------ C:\WINNT\system32\SBRC.dat
2007-02-21 18:04:08 0 --a------ C:\WINNT\system32\SBFC.dat
2007-02-21 17:55:51 54200 --a------ C:\WINNT\system32\drivers\sbapifs.sys
2007-02-21 17:55:50 15544 --a------ C:\WINNT\system32\drivers\sbhr.sys
2007-02-21 17:55:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software<SUNBEL~1>
2007-02-21 17:54:39 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-21 15:45:35 3968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-02-21 11:10:37 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-21 10:24:40 0 d-------- C:\Program Files\CCleaner
2007-02-21 09:37:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-21 09:37:35 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-02-21 09:37:35 0 d-------- C:\Documents and Settings\CGEY\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-21 09:36:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-15 19:48:59 1628 --a------ C:\WINNT\system32\tmp.reg
2007-02-10 10:24:54 24816 --a------ C:\WINNT\system32\SBBD.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-01 14:37:44 0 d-------- C:\Documents and Settings\CGEY\Application Data\Image Zone Express<IMAGEZ~1>
2007-01-19 10:36:19 0 d-------- C:\Documents and Settings\CGEY\Application Data\Identities<IDENTI~1>
2007-01-18 18:04:19 0 d-a------ C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-01-18 16:37:51 0 d-------- C:\Program Files\AOL
2007-01-18 16:37:48 0 d-------- C:\Program Files\Common Files\AOL
2007-01-16 12:59:13 91010 --a------ C:\WINNT\hpiins01.dat
2007-01-16 12:58:52 0 d-------- C:\Program Files\HP
2006-12-28 16:00:57 0 d-------- C:\Program Files\F?nts
2006-12-28 12:44:00 4 --ah----- C:\WINNT\uccspecb.sys
2006-12-27 10:29:35 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2006-12-25 09:04:07 0 d-------- C:\Program Files\eMusic Download Manager<EMUSIC~1>
2006-12-25 08:00:58 0 d-------- C:\Documents and Settings\CGEY\Application Data\InstallShield<INSTAL~1>
2006-12-01 23:08:27 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_628.dat<PERFLI~3.DAT>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Registry Cleaner"="\"C:\\Program Files\\Registry Cleaner\\RegClean.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Shredder 5\\SHRED32.EXE\" /q C:\\PROGRA~1\\YAHOO!\\MESSEN~1.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\d32-fw.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ft60.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\idle.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\msvcp71.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\msvcr71.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\MyYahoo.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\pcre.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\res_msgr.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\stock.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\XMLParse.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\Xmltok.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YAHOOB~1.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ygxa_2.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\Yml.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YPager.SH! C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YMSGR_~1.SH! C:\\WINNT\\Speech\\Voices\\Voc2\\MESSEN~1\\res_msgr.SH! C:\\WINNT\\Speech\\Voices\\Voc2\\Installs\\MESSEN~1\\msvcr71.SH! C:\\WINNT\\Speech\\Voices\\Voc2\\Installs\\MESSEN~1\\idle.SH! C:\\WINNT\\Speech\

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"!AVG Anti-Spyware"="\"C:\\Documents and Settings\\CGEY\\Desktop\\Computer Cleaning Tools\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
@=""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{309BCFF1-031D-1033-0731-000615990001}"="\"C:\\Program Files\\Common Files\\{309BCFF1-031D-1033-0731-000615990001}\\Update.exe\" te-110-12-0000132"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0



-- End of ComboScan: finished at 2007-02-22 at 10:35:26 -------------------------

#13 RichieUK

Posted 22 February 2007 - 01:23 PM

Download ToolbarCop to delete these Browser Helper Objects [BHO]:
http://windowsxp.mvps.org/toolbarcop.htm


Reboot when you've done, post a new HijackThis log into your next reply.

#14 RichieUK

Posted 26 February 2007 - 09:40 AM

Due to the lack of feedback this topic will be closed.
If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.