PDA

View Full Version : post smitfraud-c.toolbar888 clean up?



geedees
2007-01-25, 00:31
I "believe" that I have removed smitfraud-c.toolbar888 from my PC as it does not show up on spybot anymore.

But I am no Expert and would like a double check.

Logfile of HijackThis v1.99.1
Scan saved at 5:25:06 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks. :)

teacup61
2007-01-26, 04:44
Hello,

I notice that you do not seem to be running Antivirus software or a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them!!

AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus.Some good free firewalls are ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za), or Outpost (http://www.agnitum.com/products/outpostfree/download.php)
A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

When you've done this, run a full system scan. You are still infected, and this will help with the cleanup. :)

Thanks,
tea

geedees
2007-01-27, 07:30
Yep, done that.

Anything else?

teacup61
2007-01-27, 16:24
Hello,

A new HijackThis log please? :D:

geedees
2007-01-29, 19:23
Here you go.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:40 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Puter\Desktop\alloallo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

teacup61
2007-01-30, 05:26
Hello,

Thanks for that. :)

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

geedees
2007-01-30, 07:31
Combofix

Puter - 07-01-02 22:44:32.63 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Puter\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{388C6779-08A2-1033-0719-060324060001}
C:\Program Files\Common Files\{A88C6779-08A2-1033-0719-060324060001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Puter\Application Data\CROSOF~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))


2007-01-02 13:35 <DIR> d-------- C:\Program Files\OpenAL
2007-01-01 15:11 <DIR> d-------- C:\Program Files\StuffPlug3
2007-01-01 02:47 <DIR> d-------- C:\Westwood
2006-12-31 21:18 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-31 19:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-12-31 18:12 <DIR> d-------- C:\Program Files\System Security Suite 1.04
2006-12-31 17:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-31 16:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-31 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-31 12:13 2 --a------ C:\WINDOWS\system32\wcpit.exe
2006-12-31 02:47 <DIR> d--hs---- C:\WINDOWS\RGF2aWQgR2lic29u
2006-12-31 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-12-30 23:40 92,485 --a------ C:\gp.exe
2006-12-30 22:13 <DIR> d--hs---- C:\WINDOWS\system32\umcpdu
2006-12-30 14:38 <DIR> d-------- C:\Games
2006-12-29 11:12 52,224 --a------ C:\WINDOWS\ipuninst.exe
2006-12-29 11:12 <DIR> d-------- C:\Program Files\Interplay
2006-12-28 14:40 <DIR> d-------- C:\DeusEx
2006-12-28 02:45 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-12-28 02:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-12-28 02:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-12-27 21:34 <DIR> d-------- C:\Program Files\Google
2006-12-27 21:34 <DIR> d-------- C:\Documents and Settings\Puter\Application Data\Google
2006-12-26 21:51 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-26 21:51 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-26 21:51 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-26 21:51 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-26 21:51 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-26 21:51 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-26 21:51 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-26 21:51 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-26 21:50 53,248 --a------ C:\WINDOWS\ap561.exe
2006-12-26 21:50 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys
2006-12-26 21:50 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2006-12-26 21:50 <DIR> d-------- C:\WINDOWS\Setup2K
2006-12-19 21:34 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2006-12-14 16:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-14 16:41 <DIR> d-------- C:\Fraps
2006-12-13 20:23 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-12-13 20:23 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-12-13 20:23 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-12-13 20:22 <DIR> d-------- C:\Sierra
2006-12-10 23:55 <DIR> d-------- C:\Documents and Settings\Puter\Application Data\Ventrilo
2006-12-02 21:14 <DIR> d-------- C:\Documents and Settings\Puter\Application Data\Sierra
2006-12-02 19:04 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-02 22:45 -------- d-------- C:\Program Files\Common Files
2007-01-02 22:39 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-02 13:35 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-01-02 13:35 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-02 13:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-31 18:33 -------- d-------- C:\Program Files\WinRAR
2006-12-31 18:33 -------- d-------- C:\Program Files\Messenger
2006-12-31 18:33 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 15:51 -------- d-------- C:\Program Files\CureROM
2006-12-31 15:34 -------- d-------- C:\Program Files\a-squared Free
2006-12-31 01:03 -------- d---s---- C:\Documents and Settings\Puter\Application Data\Microsoft
2006-12-30 22:24 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-29 10:25 -------- d-------- C:\Program Files\PeerGuardian2
2006-12-29 10:25 -------- d-------- C:\Documents and Settings\Puter\Application Data\uTorrent
2006-12-29 02:23 -------- d-------- C:\Program Files\uTorrent
2006-12-28 14:03 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-22 09:14 -------- d-------- C:\Program Files\World of Warcraft
2006-12-14 12:58 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 12:58 -------- d-------- C:\Program Files\Common Files\System
2006-12-01 16:34 -------- d-------- C:\Program Files\PhotoFiltre
2006-11-29 09:48 -------- d-------- C:\Program Files\Thief2
2006-11-29 01:53 -------- dr-h----- C:\Documents and Settings\Puter\Application Data\SecuROM
2006-11-29 01:51 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 01:47 -------- d-------- C:\Program Files\nwn2
2006-11-28 22:51 -------- d-------- C:\Program Files\Atari
2006-11-27 16:44 -------- d-------- C:\Program Files\Microsoft Picture It! 7
2006-11-27 16:44 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-25 10:16 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-25 01:48 -------- d-------- C:\Program Files\BitComet
2006-11-23 21:52 -------- d-------- C:\Documents and Settings\Puter\Application Data\acccore
2006-11-23 21:51 -------- d-------- C:\Program Files\Viewpoint
2006-11-23 21:51 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-11-23 21:51 -------- d-------- C:\Program Files\AIM6
2006-11-23 21:50 -------- d-------- C:\Documents and Settings\Puter\Application Data\Mozilla
2006-11-20 14:40 -------- d-------- C:\Program Files\Java
2006-11-20 14:39 -------- d-------- C:\Program Files\HLSW
2006-11-20 14:37 -------- d-------- C:\Program Files\Batch JPEG Rotator
2006-11-20 00:03 -------- d-------- C:\Program Files\Microsoft Games
2006-11-16 15:29 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-11-14 01:25 -------- d-------- C:\Program Files\Xvid
2006-11-13 02:18 -------- d-------- C:\Documents and Settings\Puter\Application Data\DivX
2006-11-13 01:43 -------- d-------- C:\Program Files\DivX
2006-11-12 20:11 -------- d-------- C:\Program Files\LimeWire
2006-11-12 14:39 -------- d-------- C:\Documents and Settings\Puter\Application Data\Apple Computer
2006-11-12 12:34 -------- d-------- C:\Program Files\iTunes
2006-11-12 12:34 -------- d-------- C:\Program Files\iPod
2006-11-12 12:33 -------- d-------- C:\Program Files\Apple Software Update
2006-11-12 12:09 -------- d-------- C:\Program Files\Common Files\Macromedia Shared
2006-11-12 12:09 -------- d-------- C:\Documents and Settings\Puter\Application Data\Macromedia
2006-11-12 12:08 -------- d-------- C:\Program Files\Macromedia
2006-11-12 12:08 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-11-10 08:32 -------- d---s---- C:\Program Files\Xfire
2006-11-10 01:36 -------- d-------- C:\Documents and Settings\Puter\Application Data\Xfire
2006-11-08 10:38 -------- d-------- C:\Program Files\DAEMON Tools
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 01:24 -------- d-------- C:\Documents and Settings\Puter\Application Data\Creative
2006-11-06 00:08 -------- d-------- C:\Program Files\Qtracker
2006-11-06 00:04 -------- d-------- C:\Program Files\Windows Media Player
2006-11-06 00:04 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-11-02 19:46 -------- d-------- C:\Documents and Settings\Puter\Application Data\Atari
2006-11-02 19:45 -------- d-------- C:\Program Files\Common Files\PocketSoft
2006-11-02 19:45 -------- d-------- C:\Documents and Settings\Puter\Application Data\Leadertech
2006-11-01 14:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-01 14:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-21 16:41 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-21 16:41 286720 --------- C:\WINDOWS\Setup1.exe
2006-10-20 19:59 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-10 17:04 0 -rahs---- C:\MSDOS.SYS
2006-10-10 17:04 0 -rahs---- C:\IO.SYS
2006-10-10 17:04 0 --a------ C:\CONFIG.SYS
2006-10-10 17:04 0 --a------ C:\AUTOEXEC.BAT
2006-10-10 12:52 62 --ahs---- C:\Documents and Settings\Puter\Application Data\desktop.ini
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll

geedees
2007-01-30, 07:32
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MsnVirRem.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"backup"="C:\\WINDOWS\\pss\\MsnVirRem.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"item"="MsnVirRem"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Puter^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
"path"="C:\\Documents and Settings\\Puter\\Start Menu\\Programs\\Startup\\RollerCoaster Tycoon 3 Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\RollerCoaster Tycoon 3 Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Puter\\Local Settings\\Temp\\{B8CB12C2-88CE-469C-A2D8-4F4C8386BC9B}\\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\\ATR1.exe /remind /language=ENU /PRNM=\"RollerCoaster Tycoon 3\"/PRMP=\"RCT3\"/SKUN=\"PCXX\"/GTYP=\"STRY\""
"item"="RollerCoaster Tycoon 3 Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Puter^Start Menu^Programs^Startup^winlogon.lnk]
"path"="C:\\Documents and Settings\\Puter\\Start Menu\\Programs\\Startup\\winlogon.lnk"
"backup"="C:\\WINDOWS\\pss\\winlogon.lnkStartup"
"location"="Startup"
"command"=" "
"item"="winlogon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwzo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="stub_109_4_0_4_0"
"hkey"="HKCU"
"command"="C:\\Program Files\\InetGet2\\stub_109_4_0_4_0.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OctoshapeClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Octoshape Streaming Services\\Puter\\OctoshapeClient.exe\" -inv:bootrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A88C6779-08A2-1033-0719-060324060001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{A88C6779-08A2-1033-0719-060324060001}\\Update.exe\" te-110-12-0000282"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-02 22:45:14.90
C:\ComboFix.txt ... 07-01-02 22:45

geedees
2007-01-30, 07:33
Logfile of HijackThis v1.99.1
Scan saved at 12:33:05 AM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Picture It! 7\dw15.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HJT.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

teacup61
2007-01-31, 07:38
Hello,

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp). Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.


Thanks,
tea

geedees
2007-02-03, 01:24
I forgot to save a report, but dug up the report file.

and found the scan.
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-02-01, 02:26:47 [COMPUTERHA][Puter]
Command-line: "C:\DOCUME~1\Puter\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
[Scan path] C:\
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe probably infected with BACKDOOR.Trojan
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Puter\NTUSER.DAT - read error
C:\Documents and Settings\Puter\NTUSER~1.LOG - read error
C:\Documents and Settings\Puter\Application Data\Mozilla\Firefox\Profiles\l667vie7.default\PARENT~1.LOC - read error
C:\Documents and Settings\Puter\Application Data\SecuROM\UserData\*.* - read error
C:\Documents and Settings\Puter\Application Data\SecuROM\UserData\*.* - read error
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11

Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\leeroyfoxbibble@hotmail.com\SharingMetadata\is_bradley_me@hotmail.com\DFSR\Staging\CS{4D362170-49AF-A1DA-6381-F14C124CE25A}\01\10-{4D362170-49AF-A1DA-6381-F14C124CE25A}-v1-{B3489EC4-6CD0-4794-8830-18929E24B178}-v10-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\littlegangster_24_7@hotmail.com\SharingMetadata\gangsta_warrior9@hotmail.com\DFSR\Staging\CS{60DFB5A7-A32F-6A1E-8D2D-A2F8E35CAA3C}\01\10-{60DFB5A7-A32F-6A1E-8D2D-A2F8E35CAA3C}-v1-{AF1E929F-A3D8-4EC8-B25E-86FA73F46BA7}-v10-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\01\12-{AC85144B-715B-527A-F3EE-5E91DF578025}-v1-{5E4949C2-2860-410D-B71C-7E35D55FE90B}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\12\12-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v12-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\12\12-{B7BD9FE2-30C1-4E19-A183-CF8A0BC6D4A0}-v12-{B7BD9FE2-30C1-4E19-A183-CF8A0BC6D4A0}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\13\13-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v13-{15E3B4D4-5D3F-45D8-9729-E236F0244A85}-v13-Downloaded.frx
Invalid path to file C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\SharingMetadata\riley.clarke@gmail.com\DFSR\Staging\CS{AC85144B-715B-527A-F3EE-5E91DF578025}\16\16-{5E4949C2-2860-410D-B71C-7E35D55FE90B}-v16-{5E4949C2-2860-410D-B71C-7E35D55FE90B}-v16-Downloaded.frx
C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7\aolsetup.exe probably infected with BACKDOOR.Trojan
C:\Program Files\StuffPlug3\StuffPlug3.dll probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP12\A0005615.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP12\A0005616.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP12\A0005617.dll - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003368.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003422.dll - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003436.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003437.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003438.exe is adware program Adware.IWantSearch
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003439.exe - read error
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003444.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003445.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003446.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003447.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003448.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003449.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003450.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003451.exe infected with Trojan.DownLoader.17040 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003452.dll infected with Trojan.DownLoader.17799 - deleted
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003453.exe infected with Trojan.DownLoader.17040 - deleted
C:\WINDOWS\SoftwareDistribution\EventCache\{7F28E~1.BIN - read error
C:\WINDOWS\system32\actskn45.ocx infected with Trojan.Isbar.439 - deleted
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\system32\drivers\sptd.sys - read error

[Scan path] E:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 105026
Infected objects found: 13
Objects with modifications found: 0
Suspicious objects found: 3
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 13
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1854 Kb/s
Scan time: 00:35:47
-----------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe - incurable - moved
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\Process.exe - incurable - moved
C:\Documents and Settings\Puter\Desktop\SmitfraudFix\restart.exe - incurable - moved
C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7\aolsetup.exe - incurable - moved
C:\Program Files\StuffPlug3\StuffPlug3.dll - incurable - moved
C:\System Volume Information\_restore{37FA778A-4AF7-4497-BD0A-EF812EC2A04E}\RP9\A0003438.exe - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 105341
Infected objects found: 13
Objects with modifications found: 0
Suspicious objects found: 3
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 13
Objects renamed: 0
Objects moved: 6
Objects ignored: 0
Scan speed: 1894 Kb/s
Scan time: 00:35:53
=============================================================================

Logfile of HijackThis v1.99.1
Scan saved at 6:24:09 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

teacup61
2007-02-03, 22:57
Hello,

Your log looks good. How is it running? :)

geedees
2007-02-07, 08:18
It's all right, It does randomly re-start sometimes.

teacup61
2007-02-07, 08:30
Hello,

I'd like to have another run with ComboFix, please. Delete the version of ComboFix you have, as it's been updated, and download a new one, please.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

geedees
2007-02-09, 09:32
Puter" - 07-02-09 2:25:38 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Puter\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-09 to 2007-02-09 ))))))))))))))))))))))))))))))))))


2007-02-08 04:03 872 --a------ C:\WINDOWS\relation.dat
2007-02-07 23:26 <DIR> d-------- C:\Program Files\GameArena
2007-02-01 02:54 <DIR> d-------- C:\Program Files\Java
2007-02-01 02:54 <DIR> d-------- C:\Program Files\Common Files\Java
2007-02-01 02:26 <DIR> d-------- C:\DOCUME~1\Puter\DoctorWeb
2007-01-28 12:56 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2007-01-28 12:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-01-28 12:52 <DIR> d-------- C:\Program Files\THQ
2007-01-27 14:17 <DIR> d-------- C:\Program Files\LimeWire
2007-01-26 23:26 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-01-26 23:26 <DIR> d-------- C:\Program Files\Agnitum
2007-01-26 23:22 34,304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-01-26 23:22 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-01-26 23:22 <DIR> d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-01-26 23:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AntiVir PersonalEdition Classic
2007-01-25 02:57 2,004 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-24 21:27 28,800 --a------ C:\WINDOWS\snap.dat
2007-01-24 15:50 <DIR> d-------- C:\fixwareout
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-08 22:19 -------- d-------- C:\Program Files\mozilla firefox
2007-02-08 17:12 -------- d-------- C:\Program Files\msn messenger
2007-02-07 16:05 -------- d-------- C:\DOCUME~1\Puter\Application Data\utorrent
2007-01-28 12:52 -------- d--h----- C:\Program Files\installshield installation information
2007-01-24 17:17 -------- d-------- C:\DOCUME~1\Puter\Application Data\shareaza
2007-01-24 15:33 -------- d-------- C:\Program Files\a-squared free
2007-01-23 12:20 -------- d-------- C:\Program Files\world of warcraft
2007-01-21 11:28 -------- d-------- C:\Program Files\utorrent
2007-01-17 20:25 -------- d-------- C:\Program Files\peerguardian2
2007-01-07 11:26 -------- d-------- C:\DOCUME~1\Puter\Application Data\dvdcss
2007-01-02 13:35 86016 --a------ C:\WINDOWS\system32\openal32.dll
2007-01-02 13:35 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-02 13:35 -------- d-------- C:\Program Files\openal
2007-01-01 15:11 -------- d-------- C:\Program Files\stuffplug3
2006-12-31 18:33 -------- d-------- C:\Program Files\messenger
2006-12-31 15:51 -------- d-------- C:\Program Files\octoshape streaming services
2006-12-31 15:51 -------- d-------- C:\Program Files\curerom
2006-12-31 01:03 -------- d---s---- C:\DOCUME~1\Puter\Application Data\microsoft
2006-12-30 22:24 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-29 11:12 52224 --a------ C:\WINDOWS\ipuninst.exe
2006-12-29 11:12 -------- d-------- C:\Program Files\interplay
2006-12-28 14:03 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-27 21:34 -------- d-------- C:\Program Files\google
2006-12-27 21:34 -------- d-------- C:\DOCUME~1\Puter\Application Data\google
2006-12-14 21:59 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2006-12-14 21:59 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2006-12-14 21:59 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2006-12-10 23:55 -------- d-------- C:\DOCUME~1\Puter\Application Data\ventrilo
2006-11-23 21:50 335 --a------ C:\WINDOWS\nsreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Outpost Firewall"="C:\\PROGRA~1\\Agnitum\\OUTPOS~1.0\\outpost.exe /waitservice"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MsnVirRem.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"backup"="C:\\WINDOWS\\pss\\MsnVirRem.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MsnVirRem.exe"
"item"="MsnVirRem"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Puter^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
"path"="C:\\Documents and Settings\\Puter\\Start Menu\\Programs\\Startup\\RollerCoaster Tycoon 3 Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\RollerCoaster Tycoon 3 Registration.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Puter\\Local Settings\\Temp\\{B8CB12C2-88CE-469C-A2D8-4F4C8386BC9B}\\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\\ATR1.exe /remind /language=ENU /PRNM=\"RollerCoaster Tycoon 3\"/PRMP=\"RCT3\"/SKUN=\"PCXX\"/GTYP=\"STRY\""
"item"="RollerCoaster Tycoon 3 Registration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OctoshapeClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Octoshape Streaming Services\\Puter\\OctoshapeClient.exe\" -inv:bootrun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Client IP-IPX"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autorun\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f341606-6f3f-11db-9a02-000acd11b1ef}]
Shell\AutoRun\command F:\autorun\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4672fe17-587f-11db-b661-806d6172696f}]
Shell\AutoRun\command D:\Autorun.exe root.ini

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7645827e-58b3-11db-a7ec-806d6172696f}]
Shell\AutoRun\command D:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-09 2:27:31

teacup61
2007-02-09, 22:10
Hello,

Please download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Please also let me know how your computer is running now. :)

Thanks,
tea

geedees
2007-02-16, 05:36
DFix: Version 1.64

Run by: Puter - Thu 02/15/2007 @ 22:23:50.62

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found..




ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"E:\\Program Files\\Shareaza\\Shareaza.exe"="E:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Puter\Local Settings\Application Data\Microsoft\Messenger\loveaslaughter__@hotmail.com\Sharing Folders\riley.clarke@gmail.com\Thumbs.db
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Downloads\mariof.zip

Finished
------

Logfile of HijackThis v1.99.1
Scan saved at 10:35:58 PM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Puter\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

teacup61
2007-02-17, 11:06
Hello,

Let's look here:

Download the trial version of Spy Sweeper from
Here (http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT14)

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Thanks,
tea

tashi
2007-02-26, 06:04
How is it going geedees. :)

geedees
2007-02-27, 20:08
9:30 PM: ApplicationMinimized - EXIT
9:30 PM: ApplicationMinimized - ENTER
9:30 PM: ApplicationMinimized - EXIT
9:30 PM: ApplicationMinimized - ENTER
9:30 PM: ApplicationMinimized - EXIT
9:30 PM: ApplicationMinimized - ENTER
9:30 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:29 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:28 PM: Warning: Failed to open file "c:\documents and settings\puter\application data\mozilla\firefox\profiles\l667vie7.default\parent.lock". The operation completed successfully
9:28 PM: Warning: Failed to open file "c:\documents and settings\puter\local settings\application data\microsoft\messenger\leeroyfoxbibble@hotmail.com\sharingmetadata\pending.dat". The operation completed successfully
9:28 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:27 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:26 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:25 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:24 PM: ApplicationMinimized - EXIT
9:24 PM: ApplicationMinimized - ENTER
9:24 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:23 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:22 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Starting File Sweep
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
9:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:21 PM: c:\documents and settings\puter\cookies\puter@zedo[1].txt (ID = 3762)
9:21 PM: Found Spy Cookie: zedo cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@xiti[1].txt (ID = 3717)
9:21 PM: Found Spy Cookie: xiti cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@web.tickle[1].txt (ID = 3530)
9:21 PM: c:\documents and settings\puter\cookies\puter@tripod[1].txt (ID = 3591)
9:21 PM: Found Spy Cookie: tripod cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tribalfusion[2].txt (ID = 3589)
9:21 PM: Found Spy Cookie: tribalfusion cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@trafficmp[2].txt (ID = 3581)
9:21 PM: Found Spy Cookie: trafficmp cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tradedoubler[1].txt (ID = 3575)
9:21 PM: Found Spy Cookie: tradedoubler cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tickle[1].txt (ID = 3529)
9:21 PM: Found Spy Cookie: tickle cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@tacoda[2].txt (ID = 6444)
9:21 PM: Found Spy Cookie: tacoda cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@serving-sys[2].txt (ID = 3343)
9:21 PM: Found Spy Cookie: serving-sys cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@realmedia[2].txt (ID = 3235)
9:21 PM: Found Spy Cookie: realmedia cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@questionmarket[2].txt (ID = 3217)
9:21 PM: Found Spy Cookie: questionmarket cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@perf.overture[1].txt (ID = 3106)
9:21 PM: c:\documents and settings\puter\cookies\puter@overture[1].txt (ID = 3105)
9:21 PM: Found Spy Cookie: overture cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@nextag[2].txt (ID = 5014)
9:21 PM: Found Spy Cookie: nextag cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@msnportal.112.2o7[1].txt (ID = 1958)
9:21 PM: c:\documents and settings\puter\cookies\puter@mediaplex[1].txt (ID = 6442)
9:21 PM: Found Spy Cookie: mediaplex cookie
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: c:\documents and settings\puter\cookies\puter@edge.ru4[2].txt (ID = 3269)
9:21 PM: Found Spy Cookie: ru4 cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@dist.belnk[2].txt (ID = 2293)
9:21 PM: c:\documents and settings\puter\cookies\puter@devart.adbureau[2].txt (ID = 2060)
9:21 PM: Found Spy Cookie: adbureau cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@customer[1].txt (ID = 2481)
9:21 PM: Found Spy Cookie: customer cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@cnn.122.2o7[1].txt (ID = 1958)
9:21 PM: c:\documents and settings\puter\cookies\puter@casalemedia[2].txt (ID = 2354)
9:21 PM: Found Spy Cookie: casalemedia cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@bs.serving-sys[2].txt (ID = 2330)
9:21 PM: Found Spy Cookie: bs.serving-sys cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@belnk[1].txt (ID = 2292)
9:21 PM: Found Spy Cookie: belnk cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@azjmp[2].txt (ID = 2270)
9:21 PM: Found Spy Cookie: azjmp cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@atwola[2].txt (ID = 2255)
9:21 PM: Found Spy Cookie: atwola cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@atdmt[2].txt (ID = 2253)
9:21 PM: Found Spy Cookie: atlas dmt cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@as-eu.falkag[2].txt (ID = 2650)
9:21 PM: Found Spy Cookie: falkag cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adviva[1].txt (ID = 2177)
9:21 PM: Found Spy Cookie: adviva cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@advertising[1].txt (ID = 2175)
9:21 PM: Found Spy Cookie: advertising cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adtech[2].txt (ID = 2155)
9:21 PM: Found Spy Cookie: adtech cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adserver[1].txt (ID = 2141)
9:21 PM: Found Spy Cookie: adserver cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@ads.pointroll[2].txt (ID = 3148)
9:21 PM: Found Spy Cookie: pointroll cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@ads.addynamix[1].txt (ID = 2062)
9:21 PM: Found Spy Cookie: addynamix cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adrevolver[3].txt (ID = 2088)
9:21 PM: c:\documents and settings\puter\cookies\puter@adrevolver[2].txt (ID = 2088)
9:21 PM: Found Spy Cookie: adrevolver cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adopt.specificclick[2].txt (ID = 3400)
9:21 PM: Found Spy Cookie: specificclick.com cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@adlegend[1].txt (ID = 2074)
9:21 PM: Found Spy Cookie: adlegend cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@ad.yieldmanager[2].txt (ID = 3751)
9:21 PM: Found Spy Cookie: yieldmanager cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@a.websponsors[2].txt (ID = 3665)
9:21 PM: Found Spy Cookie: websponsors cookie
9:21 PM: c:\documents and settings\puter\cookies\puter@2o7[2].txt (ID = 1957)
9:21 PM: Found Spy Cookie: 2o7.net cookie
9:21 PM: Starting Cookie Sweep
9:21 PM: Registry Sweep Complete, Elapsed Time:00:00:07
9:21 PM: HKU\S-1-5-21-1645522239-926492609-839522115-1003\software\idl\ (ID = 1351285)
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:21 PM: Found Adware: targetsaver
9:21 PM: ApplicationMinimized - EXIT
9:21 PM: ApplicationMinimized - ENTER
9:21 PM: ApplicationMinimized - EXIT
9:21 PM: ApplicationMinimized - ENTER
9:21 PM: ApplicationMinimized - EXIT
9:21 PM: ApplicationMinimized - ENTER
9:21 PM: Starting Registry Sweep
9:21 PM: Memory Sweep Complete, Elapsed Time: 00:02:12
9:21 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:20 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:19 PM: Starting Memory Sweep
9:19 PM: ApplicationMinimized - EXIT
9:19 PM: ApplicationMinimized - EXIT
9:19 PM: ApplicationMinimized - ENTER
9:19 PM: ApplicationMinimized - ENTER
9:19 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:19 PM: Start Full Sweep

geedees
2007-02-27, 20:09
10:00 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00 PM: Removal process completed. Elapsed time 00:00:06
10:00 PM: Quarantining All Traces: zedo cookie
10:00 PM: Quarantining All Traces: xiti cookie
10:00 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00 PM: Quarantining All Traces: tripod cookie
10:00 PM: Quarantining All Traces: tribalfusion cookie
10:00 PM: Quarantining All Traces: trafficmp cookie
10:00 PM: Quarantining All Traces: tradedoubler cookie
10:00 PM: Quarantining All Traces: tickle cookie
10:00 PM: Quarantining All Traces: tacoda cookie
10:00 PM: Quarantining All Traces: serving-sys cookie
10:00 PM: Quarantining All Traces: realmedia cookie
10:00 PM: Quarantining All Traces: questionmarket cookie
10:00 PM: Quarantining All Traces: overture cookie
10:00 PM: Quarantining All Traces: nextag cookie
10:00 PM: Quarantining All Traces: mediaplex cookie
10:00 PM: Quarantining All Traces: ru4 cookie
10:00 PM: Quarantining All Traces: adbureau cookie
10:00 PM: Quarantining All Traces: customer cookie
10:00 PM: Quarantining All Traces: casalemedia cookie
10:00 PM: Quarantining All Traces: bs.serving-sys cookie
10:00 PM: Quarantining All Traces: belnk cookie
10:00 PM: Quarantining All Traces: azjmp cookie
10:00 PM: Quarantining All Traces: atwola cookie
10:00 PM: Quarantining All Traces: atlas dmt cookie
10:00 PM: Quarantining All Traces: falkag cookie
10:00 PM: Quarantining All Traces: adviva cookie
10:00 PM: Quarantining All Traces: advertising cookie
10:00 PM: Quarantining All Traces: adtech cookie
10:00 PM: Quarantining All Traces: adserver cookie
10:00 PM: Quarantining All Traces: pointroll cookie
10:00 PM: Quarantining All Traces: addynamix cookie
10:00 PM: Quarantining All Traces: adrevolver cookie
10:00 PM: Quarantining All Traces: specificclick.com cookie
10:00 PM: Quarantining All Traces: adlegend cookie
10:00 PM: Quarantining All Traces: yieldmanager cookie
10:00 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
10:00 PM: Quarantining All Traces: websponsors cookie
10:00 PM: Quarantining All Traces: 2o7.net cookie
10:00 PM: Quarantining All Traces: targetsaver
10:00 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:59 PM: Removal process initiated
9:59 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:58 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:58 PM: ApplicationMinimized - EXIT
9:58 PM: ApplicationMinimized - EXIT
9:58 PM: ApplicationMinimized - ENTER
9:58 PM: ApplicationMinimized - ENTER
9:58 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:57 PM: ApplicationMinimized - EXIT
9:57 PM: ApplicationMinimized - ENTER
9:57 PM: ApplicationMinimized - EXIT
9:57 PM: ApplicationMinimized - ENTER
9:57 PM: ApplicationMinimized - EXIT
9:57 PM: ApplicationMinimized - ENTER
9:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:57 PM: ApplicationMinimized - EXIT
9:57 PM: ApplicationMinimized - ENTER
9:57 PM: ApplicationMinimized - EXIT
9:57 PM: ApplicationMinimized - ENTER
9:57 PM: ApplicationMinimized - EXIT
9:57 PM: ApplicationMinimized - ENTER
9:57 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:56 PM: Traces Found: 43
9:56 PM: Full Sweep has completed. Elapsed time 00:37:23
9:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:56 PM: File Sweep Complete, Elapsed Time: 00:34:44
9:56 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:55 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:54 PM: ApplicationMinimized - EXIT
9:54 PM: ApplicationMinimized - EXIT
9:54 PM: ApplicationMinimized - ENTER
9:54 PM: ApplicationMinimized - ENTER
9:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:54 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:53 PM: ApplicationMinimized - EXIT
9:53 PM: ApplicationMinimized - ENTER
9:53 PM: ApplicationMinimized - EXIT
9:53 PM: ApplicationMinimized - ENTER
9:53 PM: ApplicationMinimized - EXIT
9:53 PM: ApplicationMinimized - ENTER
9:53 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:52 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:52 PM: ApplicationMinimized - EXIT
9:52 PM: ApplicationMinimized - ENTER
9:52 PM: ApplicationMinimized - EXIT
9:52 PM: ApplicationMinimized - ENTER
9:52 PM: ApplicationMinimized - EXIT
9:52 PM: ApplicationMinimized - ENTER
9:52 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:51 PM: ApplicationMinimized - EXIT
9:51 PM: ApplicationMinimized - ENTER
9:51 PM: ApplicationMinimized - EXIT
9:51 PM: ApplicationMinimized - ENTER
9:51 PM: ApplicationMinimized - EXIT
9:51 PM: ApplicationMinimized - ENTER
9:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:51 PM: ApplicationMinimized - EXIT
9:51 PM: ApplicationMinimized - ENTER
9:51 PM: ApplicationMinimized - EXIT
9:51 PM: ApplicationMinimized - ENTER
9:51 PM: ApplicationMinimized - EXIT
9:51 PM: ApplicationMinimized - ENTER
9:51 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:50 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:49 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:48 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:47 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:46 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:45 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:44 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:43 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:42 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:40 PM: ApplicationMinimized - EXIT
9:40 PM: ApplicationMinimized - ENTER
9:40 PM: ApplicationMinimized - EXIT
9:40 PM: ApplicationMinimized - ENTER
9:40 PM: ApplicationMinimized - EXIT
9:40 PM: ApplicationMinimized - ENTER
9:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:40 PM: ApplicationMinimized - EXIT
9:40 PM: ApplicationMinimized - EXIT
9:40 PM: ApplicationMinimized - ENTER
9:40 PM: ApplicationMinimized - ENTER
9:40 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:39 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:38 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:37 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:36 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:36 PM: ApplicationMinimized - EXIT
9:36 PM: ApplicationMinimized - ENTER
9:36 PM: ApplicationMinimized - EXIT
9:36 PM: ApplicationMinimized - ENTER
9:36 PM: ApplicationMinimized - EXIT
9:36 PM: ApplicationMinimized - ENTER
9:36 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: ApplicationMinimized - EXIT
9:35 PM: ApplicationMinimized - ENTER
9:35 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:34 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
Not enough storage is available to process this command
9:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:33 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:33 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:32 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:31 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
9:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:31 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service

geedees
2007-02-27, 20:14
Every time there is an Windows messenger service error, it would repeat every second of every minute.

This is a full portion, of one minute of the log.

9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service
9:41 PM: Warning: Windows Messenger Shield: Could not open Messenger Service. Error: The specified service does not exist as an installed service

teacup61
2007-02-27, 20:43
Hello,

Are you still getting the random restarts?

geedees
2007-02-28, 06:44
Well, I've found out that it maybe a cmos timing issue and have been leaving the pc on a lot more.

I do get random re-starts (not personally but other family members do.)

Less frequently now.

teacup61
2007-02-28, 08:15
Hello,

Then I'm not happy. You either have something left there, or what you had has damaged your system. :sad:

Please delete ComboFix from all the computers you might have put it on ( I gather from your comments there is more than one present) as the tool has been pulled for security reasons.

1. Download AVG Anti-Spyware (formerly Ewido) from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete, run AVG and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG anti-spyware, Do Not run a scan just yet

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Reboot your computer into SafeMode. You can do this by restarting your computer and tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5. IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
Close AVG and reboot your system back into Normal Mode.

6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG text report that you saved and a new HiJackThis log.

Thanks,
tea

geedees
2007-03-02, 05:47
We used to have 3 PCs, but we recently moved and now everyone uses mine.

I never used to get these problems because I never used my PC for anything other than playing games.

teacup61
2007-03-03, 21:08
Hello,

Did you follow my last instructions? :)

tashi
2007-03-10, 17:29
geedees, due to lack of a response, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you teacup61.