Page 1 of 5 12345 LastLast
Results 1 to 10 of 46

Thread: surfsidekicks and other stuff on my comp, need help

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    26

    Default surfsidekicks and other stuff on my comp, need help

    hey, my computer is being ravaged. heres the HJT log file

    thanks

  2. #2
    Junior Member
    Join Date
    Mar 2006
    Posts
    26

    Default

    Logfile of HijackThis v1.99.1
    Scan saved at 7:32:31 PM, on 3/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\msput.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSC00.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    c:\windows\system32\qqdsregn.exe
    C:\Documents and Settings\Joe\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [{DB-B7-75-53-ZN}] c:\windows\system32\qqdsregn.exe CORN001
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
    O4 - HKLM\..\Run: [qeuvwadA] C:\WINDOWS\qeuvwadA.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by WebHancer
    O20 - AppInit_DLLs: repairs303169536.dll
    O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\g004ladq1d0e.dll
    O23 - Service: Microsoft Startup Manager. (Microsoft Startup Manager) - Unknown owner - C:\WINDOWS\msput.exe

  3. #3
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  4. #4
    Junior Member
    Join Date
    Mar 2006
    Posts
    26

    Default

    Active Alert
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Reader 7.0.5
    AOL Instant Messenger
    BitTorrent 4.4.1
    Command
    DivX Player
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    Internet Optimizer
    IsoBuster 1.9
    J2SE Runtime Environment 5.0 Update 1
    Jagged Alliance 2 Wildfire
    LimeWire 4.9.30
    Logitech MouseWare 9.42 .1
    Logitech Resource Center
    Logitech User's Guide
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft Office XP Professional with FrontPage
    Mozilla Firefox (1.0PR)
    MSN Music Assistant
    Network Monitor
    New.net Domains 7.22
    QuickTime
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Spelling Dictionaries For Adobe Reader Package
    Spybot - Search & Destroy 1.4
    Surf SideKick
    Toolbar888
    TSA
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB910437)
    Viewpoint Media Player
    Web Nexus Network
    webHancer Customer Companion
    Win-dh
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WSEM Update

  5. #5
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    thanks
    open control panel> add /remove programs applet and uninstall the following


    Network Monitor
    New.net Domains 7.22
    Surf SideKick
    Toolbar888
    TSA
    Viewpoint Media Player
    Web Nexus Network
    webHancer Customer Companion



    reboot

    post a fresh hijackthis log]
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  6. #6
    Junior Member
    Join Date
    Mar 2006
    Posts
    26

    Default

    I couldn't remove that TSA thing. I removed everyhing else, rebooted and this is the Hjt log.



    Logfile of HijackThis v1.99.1
    Scan saved at 7:18:12 PM, on 3/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\msput.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\FCAdvice\FCAdvice.exe
    C:\Program Files\EQAdvice\EQAdvice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SYSC00.exe
    C:\windows\system32\qqdsregn.exe
    C:\mousepad3.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\Program Files\Hmzg\Nwpuqr.exe
    C:\Documents and Settings\Joe\Desktop\HijackThis.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\foxdu.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pkfhfnm.exe
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [{DB-B7-75-53-ZN}] C:\windows\system32\qqdsregn.exe CORN001
    O4 - HKLM\..\Run: [newname] C:\\newname3.exe
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinrrag.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
    O20 - AppInit_DLLs: Runner.dll
    O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\mv20l9fm1.dll
    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\m8280ifue8280.dll
    O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\dsmap.dll (file missing)
    O23 - Service: Microsoft Startup Manager. (Microsoft Startup Manager) - Unknown owner - C:\WINDOWS\msput.exe

  7. #7
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi



    Please download ewido anti malware it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display ("Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:

    reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    then launch ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido security suite.

    reboot back to normal mode
    post the ewido report ( edit out cookie detections to make it shorter )
    and a frehs hiajckthis log
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  8. #8
    Junior Member
    Join Date
    Mar 2006
    Posts
    26

    Default

    Hey,
    I messed up
    when i ran ewido, after the scan, it prompted me asking if i wanted to remove the entire archive because certain files were embedded in them. I said no for many of them, then switched to yes. Then at the end i realized i should have done the same thing with all of them, and started a new scan, but realized too late that all that stuff was already quarentined and i hadn't saved the log. Sorry.

  9. #9
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    ok, post a fresh hijackthis log and we will continue from that
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  10. #10
    Junior Member
    Join Date
    Mar 2006
    Posts
    26

    Default

    sorry about all that,

    Logfile of HijackThis v1.99.1
    Scan saved at 6:25:28 PM, on 3/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\EQAdvice\EQAdvice.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Joe\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\foxdu.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pkfhfnm.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
    O20 - AppInit_DLLs: Runner.dll
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\en2sl1f71.dll (file missing)
    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\m8280ifue8280.dll (file missing)
    O20 - Winlogon Notify: Run - C:\WINDOWS\system32\enrsl1971.dll
    O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\dsmap.dll (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Microsoft Startup Manager. (Microsoft Startup Manager) - Unknown owner - C:\WINDOWS\msput.exe (file missing)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •