HijackThis!

Discussion in 'OT Technology' started by noxxs, Jun 12, 2005.

  1. noxxs

    noxxs New Member

    Something has taken over my computer and I can't figure out how to get rid of it. I have massive pop-up waves coming from IE (I use Firefox as default). When I go to try and change the internet options it says it's blocked by the system administrator, and I didn't change it. Also I tried to install Norton and the install always fails. No other anti-virus program will pick up anything major.

    Here's my HijackThis log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:08:18 PM, on 6/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\winupdt.exe
    C:\WINDOWS\system32\RUNDLL32.exe
    C:\WINDOWS\System32\exp.exe
    C:\WINDOWS\System32\wintask.exe
    C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\system32\nvprnv.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    C:\WINDOWS\System32\picsvr\picsvr.exe
    C:\Program Files\Tmebrjr\Wnpv.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\NaviSearch\bin\nls.exe
    C:\WINDOWS\System32\psitoc.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\PROGRA~1\Web Offer\wo.exe
    C:\Program Files\Registry Cleaner Trial\RegClean.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\psitoc.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\wscideo.exe
    C:\WINDOWS\system32\wsoaclen.exe
    C:\Program Files\Aprps\CxtPls.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\BugDoctor\BugDoctor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50249
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50249
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50249
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O1 - Hosts: 62.75.224.159 www.bns1.net
    O1 - Hosts: 62.75.224.159 www.bns2.net
    O1 - Hosts: 62.75.224.159 www.bns3.net
    O1 - Hosts: 62.75.224.159 www.bns4.net
    O1 - Hosts: 62.75.224.159 www.bns5.net
    O1 - Hosts: 62.75.224.159 www.bns6.net
    O1 - Hosts: 62.75.224.159 www.bns7.net
    O1 - Hosts: 62.75.224.159 www.bns8.net
    O1 - Hosts: 62.75.224.159 www.cms1.net
    O1 - Hosts: 62.75.224.159 www.cms2.net
    O1 - Hosts: 62.75.224.159 www.cms3.net
    O1 - Hosts: 62.75.224.159 www.cms4.net
    O1 - Hosts: 62.75.224.159 www.cms5.net
    O1 - Hosts: 62.75.224.159 www.cms6.net
    O1 - Hosts: 62.75.224.159 www.cms7.net
    O1 - Hosts: 62.75.224.159 www.cms8.net
    O1 - Hosts: 62.75.224.159 www.rg1.com
    O1 - Hosts: 62.75.224.159 www.rg2.com
    O1 - Hosts: 62.75.224.159 www.rg3.com
    O1 - Hosts: 62.75.224.159 www.rg4.com
    O1 - Hosts: 62.75.224.159 www.rg5.com
    O1 - Hosts: 62.75.224.159 www.rg6.com
    O1 - Hosts: 62.75.224.159 www.rg7.com
    O1 - Hosts: 62.75.224.159 www.rg8.com
    O1 - Hosts: 62.75.224.159 jcms.cydoor.com
    O1 - Hosts: 62.75.224.159 cydoor.com
    O1 - Hosts: 62.75.224.159 jnova.cjt1.net
    O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
    O1 - Hosts: 62.75.224.159 j.2004CMS.com
    O1 - Hosts: 62.75.224.159 2004CMS.com
    O1 - Hosts: 62.75.224.159 bns1.m7z.net
    O1 - Hosts: 62.75.224.159 m7z.net
    O1 - Hosts: 62.75.224.159 jcontent.bns1.net
    O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
    O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [d22d64653ac2] C:\WINDOWS\System32\asycfilt.exe
    O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nvprnv.exe reg_run
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [Vcknsoxg] C:\Program Files\Tmebrjr\Wnpv.exe
    O4 - HKLM\..\Run: [sphjgwl] C:\WINDOWS\system32\sphjgwl.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [7FsV36U] wsoaclen.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [Mo39RWY5Q] wscideo.exe
    O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [psitoc] C:\WINDOWS\System32\psitoc.exe
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"
    O4 - HKCU\..\RunOnce: [psitoc] C:\WINDOWS\System32\psitoc.exe
    O4 - Startup: AutoTBar.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MUSICMATCH MX Web Player (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O15 - Trusted Zone: http://www.neededware.com
    O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
     
  2. zanook

    zanook New Member

  3. monolith

    monolith My soul grows ever weary and the end is ever near. OT Supporter

  4. EvilSS

    EvilSS New Member

  5. keleko

    keleko yes, he is

    ppl with spyware and viruses and trojans DESERVE what they get
    I have no sympathy for any of them, but I will charge $75/hr to clean it up :)
     
  6. col_panic

    col_panic calm like a bomb Moderator

    you have a lot of bad shit in there

    if you can't read this, paste your log here:

    http://www.hijackthis.de/


    C:\WINDOWS\System32\smss.exe Safe.
    Safe. running process. (smss.exe)
    Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.
    C:\WINDOWS\system32\winlogon.exe Safe.
    Safe. running process. (winlogon.exe)
    Systemprozess - Windows Login Routine
    C:\WINDOWS\system32\services.exe Safe.
    Safe. running process. (services.exe)
    Systemprozess - Verwaltet die Systemdienste.
    C:\WINDOWS\system32\lsass.exe Safe.
    Safe. running process. (lsass.exe)
    Systemprozess
    C:\WINDOWS\System32\Ati2evxx.exe Safe.
    Safe. running process. (Ati2evxx.exe)
    ATI2evxx.exe is related to ATI Technologies Inc. hardware.
    C:\WINDOWS\system32\svchost.exe Safe.
    Safe. running process. (svchost.exe)
    Systemprozess - Allgemeiner Hostprozessname für Dienste.
    C:\WINDOWS\System32\svchost.exe Safe.
    Safe. running process. (svchost.exe)
    Systemprozess - Allgemeiner Hostprozessname für Dienste.
    C:\WINDOWS\system32\Ati2evxx.exe Safe.
    Safe. running process. (Ati2evxx.exe)
    ATI2evxx.exe is related to ATI Technologies Inc. hardware.
    C:\WINDOWS\Explorer.EXE Safe.
    Safe. running process. (Explorer.EXE)
    Systemprozess für Desktop und Taskleiste.
    C:\WINDOWS\system32\LEXBCES.EXE Safe.
    Safe. running process. (LEXBCES.EXE)
    Lexmark LexBce Service
    C:\WINDOWS\system32\spoolsv.exe Safe.
    Safe. running process. (spoolsv.exe)
    Systemprozess
    C:\WINDOWS\system32\LEXPPS.EXE Safe.
    Safe. running process. (LEXPPS.EXE)

    C:\WINDOWS\ehome\ehSched.exe Safe.
    Safe. running process. (ehSched.exe)

    C:\WINDOWS\System32\svchost.exe Safe.
    Safe. running process. (svchost.exe)
    Systemprozess - Allgemeiner Hostprozessname für Dienste.
    C:\Program Files\Common Files\WinTools\WToolsS.exe Nasty
    Nasty running process. (WToolsS.exe)
    This is a nasty process! You should fix it and try to delete it manually!
    C:\Program Files\Common Files\WinTools\WToolsA.exe Nasty
    Nasty running process. (WToolsA.exe)
    This is a nasty process! You should fix it and try to delete it manually!
    C:\Program Files\Common Files\WinTools\WSup.exe Nasty
    Nasty running process. (WSup.exe)
    This is a nasty process! You should fix it and try to delete it manually!
    C:\WINDOWS\system32\wscntfy.exe Safe.
    Safe. running process. (wscntfy.exe)
    Windows XP Securitycenter (Service Pack 2)
    C:\windows\system\hpsysdrv.exe Safe.
    Safe. running process. (hpsysdrv.exe)

    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe Safe.
    Safe. running process. (hpqcmon.exe)
    Hewlett-Packard Digital Imaging
    Possibly nasty! According to our database this process runs normally in c:\programme\hp\digital imaging\unload\! Check if you know this process and arrange a viruscheck where required.
    C:\WINDOWS\System32\hphmon05.exe Safe.
    Safe. running process. (hphmon05.exe)
    Part of Hewlett-Packard
    C:\HP\KBD\KBD.EXE Unknown
    Unknown running process. (KBD.EXE)
    This is a unknown process.
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe Safe.
    Safe. running process. (shwicon2k.exe)

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe Safe.
    Safe. running process. (cli.exe)
    ATI Control Center
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe Safe.
    Safe. running process. (lxbkbmgr.exe)

    C:\WINDOWS\ALCXMNTR.EXE Nasty
    Nasty running process. (ALCXMNTR.EXE)
    Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers This is a nasty process! You should fix it and try to delete it manually!
    C:\Program Files\QuickTime\qttask.exe Safe.
    Safe. running process. (qttask.exe)
    Part of QuickTime
    C:\WINDOWS\System32\winupdt.exe Nasty
    Nasty running process. (winupdt.exe)
    Malware Prozess This is a nasty process! You should fix it and try to delete it manually!
    C:\WINDOWS\system32\RUNDLL32.exe Safe.
    Safe. running process. (RUNDLL32.exe)
    RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
    C:\WINDOWS\System32\exp.exe Unknown
    Unknown running process. (exp.exe)
    This is a unknown process.
    C:\WINDOWS\System32\wintask.exe Nasty
    Nasty running process. (wintask.exe)
    Added as a result of the NAVIDAD VIRUS! This is a nasty process! You should fix it and try to delete it manually!
    C:\Documents and Settings\All Users\Application Data\msst\mssts.exe Unknown
    Unknown running process. (mssts.exe)
    This is a unknown process.
    C:\WINDOWS\system32\rundll32.exe Safe.
    Safe. running process. (rundll32.exe)
    RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
    C:\WINDOWS\system32\rundll32.exe Safe.
    Safe. running process. (rundll32.exe)
    RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
    C:\WINDOWS\system32\rundll32.exe Safe.
    Safe. running process. (rundll32.exe)
    RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
    C:\Program Files\AutoUpdate\AutoUpdate.exe Unknown
    Unknown running process. (AutoUpdate.exe)
    Additional item added to start-ups after AT&T took over the now bankrupt [email protected] high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates This is a unknown process.
    C:\Program Files\Internet Optimizer\optimize.exe Nasty
    Nasty running process. (optimize.exe)
    Internet Optimizer Malware This is a nasty process! You should fix it and try to delete it manually!
    C:\WINDOWS\system32\nvprnv.exe Unknown
    Unknown running process. (nvprnv.exe)
    This is a unknown process.
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe Unknown
    Unknown running process. (nsvsvc.exe)
    This is a unknown process.
    C:\WINDOWS\System32\picsvr\picsvr.exe Nasty
    Nasty running process. (picsvr.exe)
    Adware.DelFin This is a nasty process! You should fix it and try to delete it manually!
    C:\Program Files\Tmebrjr\Wnpv.exe Unknown
    Unknown running process. (Wnpv.exe)
    This is a unknown process.
    C:\Program Files\BullsEye Network\bin\bargains.exe Nasty
    Nasty running process. (bargains.exe)
    BargainBuddy foistware This is a nasty process! You should fix it and try to delete it manually!
    C:\Program Files\NaviSearch\bin\nls.exe Nasty
    Nasty running process. (nls.exe)
    eXact Advertising Software This is a nasty process! You should fix it and try to delete it manually!
    C:\WINDOWS\System32\psitoc.exe Unknown
    Unknown running process. (psitoc.exe)
    This is a unknown process.
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe Safe.
    Safe. running process. (Weather.exe)
    Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs Not dangerous, but unnecessary.
    C:\PROGRA~1\Web Offer\wo.exe Nasty
    Nasty running process. (wo.exe)
    Ezula Web Offer foistware This is a nasty process! You should fix it and try to delete it manually!
    C:\Program Files\Registry Cleaner Trial\RegClean.exe Unknown
    Unknown running process. (RegClean.exe)
    This is a unknown process.
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Safe.
    Safe. running process. (CLI.exe)
    ATI Control Center
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe Safe.
    Safe. running process. (hpqtra08.exe)
    HP Digital Imaging
    Possibly nasty! According to our database this process runs normally in c:\archivos de programa\hp\digital imaging\bin\! Check if you know this process and arrange a viruscheck where required.
    C:\Program Files\WinZip\WZQKPICK.EXE Safe.
    Safe. running process. (WZQKPICK.EXE)

    C:\WINDOWS\System32\psitoc.exe Unknown
    Unknown running process. (psitoc.exe)
    This is a unknown process.
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe Safe.
    Safe. running process. (lxbkbmon.exe)

    C:\WINDOWS\system32\wscideo.exe Unknown
    Unknown running process. (wscideo.exe)
    This is a unknown process.
    C:\WINDOWS\system32\wsoaclen.exe Unknown
    Unknown running process. (wsoaclen.exe)
    This is a unknown process.
    C:\Program Files\Aprps\CxtPls.exe Unknown
    Unknown running process. (CxtPls.exe)
    This is a unknown process.
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe Safe.
    Safe. running process. (realsched.exe)

    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe Safe.
    Safe. running process. (rnathchk.exe)

    C:\Program Files\BugDoctor\BugDoctor.exe Unknown
    Unknown running process. (BugDoctor.exe)
    This is a unknown process.
    C:\Program Files\Mozilla Firefox\firefox.exe Safe.
    Safe. running process. (firefox.exe)
    Internet Browser
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe Safe.
    Safe. running process. (HijackThis.exe)
    Tool, mit dem sie dieses Logfile erzeugt haben. Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50249 Nasty
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Safe.
    Safe.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Safe.
    Safe.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Safe.
    Safe.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50249 Nasty
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost Safe.
    Safe. This page has been identified as safe.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50249 Nasty
    Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll Nasty
    Nasty Should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns1.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns2.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns3.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns4.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns5.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns6.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns7.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.bns8.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms1.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms2.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms3.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms4.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms5.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms6.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms7.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.cms8.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 www.rg1.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg2.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg3.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg4.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg5.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg6.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg7.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 www.rg8.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 jcms.cydoor.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 cydoor.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 jnova.cjt1.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 j.2004CMS.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 2004CMS.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O1 - Hosts: 62.75.224.159 bns1.m7z.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 m7z.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 jcontent.bns1.net Possibly nasty
    Possibly nasty Unknown entries within the HOSTS-file should be fixed. Unknown URLs should be fixed.
    O1 - Hosts: 62.75.224.159 jbns2.cydoor.com Nasty
    Nasty This entry should be fixed immediately! Must be fixed!
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll Nasty
    Nasty Entries found in this registry zone are potentially nasty. This application ([28CAEFF3-0F18-4036-B504-51D73BD81ABC] - Result: 28CAEFF3-0F18-4036-B504-51D73BD81ABC) has been checked. Hit rate: 99 % Must be fixed!
    O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll Nasty
    Nasty Entries found in this registry zone are potentially nasty. This application ([3643ABC2-21BF-46B9-B230-F247DB0C6FD6] - Result: 3643ABC2-21BF-46B9-B230-F247DB0C6FD6) has been checked. Hit rate: 99 % Must be fixed!
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll Nasty
    Nasty Entries found in this registry zone are potentially nasty. This application ([87766247-311C-43B4-8499-3D5FEC94A183] - Result: 87766247-311C-43B4-8499-3D5FEC94A183) has been checked. Hit rate: 99 % Must be fixed!
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe Safe.
    Safe. Hewlett-Packard
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe Safe.
    Safe. Part of Hewlett-Packard
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe Unknown
    Unknown ?
    Hit rate: 99 % (result) Unknown application.
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe Safe.
    Safe. Part of Hewlett-Packard
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r Safe.
    Safe. Sonic Update Manager
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Safe.
    Safe. Part of RealPlayer
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE Safe.
    Safe. On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
    Hit rate: 99 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE Safe.
    Safe. Hewlett Packard Software
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe Safe.
    Safe. Application that implements the Intel Hotkey command.
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe Safe.
    Safe. Card reader for memory cards from digital cameras, etc
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime Safe.
    Safe. ATI Catalyst ControlCenter
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" Safe.
    Safe. Lexmark X1100 Series
    Hit rate: 99 % (result)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE Nasty
    Nasty Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
    Hit rate: 57 % (result) Must be fixed!
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Safe.
    Safe. QuickTime
    Hit rate: 99 % (result) Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe Nasty
    Nasty Spyware remover of dubious repute
    Hit rate: 95 % (result) Must be fixed!
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe Nasty
    Nasty Win32.Downloader.px
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected] Unknown
    Unknown
    Hit rate: 9 % (result) Unknown application.
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe Possibly nasty
    Possibly nasty
    Hit rate: 8 % (result) It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe Nasty
    Nasty Added by an unknown WORM or TROJAN!
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [d22d64653ac2] C:\WINDOWS\System32\asycfilt.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe Nasty
    Nasty WinTools adware
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1 Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" Nasty
    Nasty PeopleonPage foistware
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" Nasty
    Nasty Internet connection optimizer. Malware.
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nvprnv.exe reg_run Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe Unknown
    Unknown
    Hit rate: 13 % (result) Unknown application.
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [Vcknsoxg] C:\Program Files\Tmebrjr\Wnpv.exe Unknown
    Unknown
    Hit rate: 7 % (result) Unknown application.
    O4 - HKLM\..\Run: [sphjgwl] C:\WINDOWS\system32\sphjgwl.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe Nasty
    Nasty BargainBuddy foistware
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe Nasty
    Nasty eXact Advertising Software
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKLM\..\Run: [7FsV36U] wsoaclen.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe Unknown
    Unknown HP Digital Imaging related. What does it do and is it required?
    Hit rate: 99 % (result) Unknown application.
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl Safe.
    Safe.
    Hit rate: -1 % (result)
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 Safe.
    Safe. Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs
    Hit rate: 15 % (result) Not dangerous, but unnecessary.
    O4 - HKCU\..\Run: [Mo39RWY5Q] wscideo.exe Unknown
    Unknown
    Hit rate: 6 % (result) Unknown application.
    O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe Unknown
    Unknown
    Hit rate: -1 % (result) Unknown application.
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe Nasty
    Nasty Ezula Web Offer foistware
    Hit rate: 99 % (result) Must be fixed!
    O4 - HKCU\..\Run: [psitoc] C:\WINDOWS\System32\psitoc.exe Unknown
    Unknown
    Hit rate: 9 % (result) Unknown application.
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe" Unknown
    Unknown
    Hit rate: 9 % (result) Unknown application.
    O4 - HKCU\..\RunOnce: [psitoc] C:\WINDOWS\System32\psitoc.exe Unknown
    Unknown
    Hit rate: 9 % (result) Unknown application.
    O4 - Startup: AutoTBar.exe Unknown
    Unknown
    Hit rate: 5 % (result) Unknown application.
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe Safe.
    Safe.
    Hit rate: 91 % (result)
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Safe.
    Safe. ATI CATALYST
    Hit rate: 95 % (result)
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe Safe.
    Safe. HP digital imaging monitor; can apparently be launched manually.
    Hit rate: 95 % (result) Not dangerous, but unnecessary.
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe Unknown
    Unknown
    Hit rate: 7 % (result) Unknown application.
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE Safe.
    Safe. Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up
    Hit rate: 93 % (result) Not dangerous, but unnecessary.
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present Probably safe.
    Probably safe. Fix this entry if you did not activate the 'Lock homepage from changes' option in some kind of anti-spyware tool. To be fixed if not done intentionally.
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Probably safe.
    Probably safe. Fix this entry if you did not activate the 'Lock homepage from changes' option in some kind of anti-spyware tool. To be fixed if not done intentionally.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Safe.
    Safe. The entry E&xport to Microsoft Excel has been identified as safe. If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) Safe.
    Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
    O9 - Extra button: Research (HKLM) Possibly nasty
    Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Research ' is unknown.
    O9 - Extra button: AIM (HKLM) Safe.
    Safe. The entry AIM has been identified as safe. If the entry 'AIM ' is not needed anymore, it should be fixed.
    O9 - Extra button: MUSICMATCH MX Web Player (HKLM) Possibly nasty
    Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'MUSICMATCH MX Web Player ' is unknown.
    O9 - Extra button: MoneySide (HKLM) Possibly nasty
    Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'MoneySide ' is unknown.
    O9 - Extra button: Messenger (HKLM) Safe.
    Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) Safe.
    Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
    O9 - Extra button: WeatherBug (HKCU) Possibly nasty
    Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'WeatherBug ' is unknown.
    O15 - Trusted Zone: http://www.neededware.com Safe.
    Safe. If you did not add these pages to your trusted pages, they should be fixed.
    O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab Possibly nasty
    Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab Safe.
    Safe. This entry has been identified as safe.
    O16 - DPF: {D27CDB6E-AE6D-0000-0000-000000000000} - http://download.macromedia.com/pub/...ash/swflash.cab Possibly nasty
    Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab Safe.
    Safe. This entry has been identified as safe.
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab Possibly nasty
    Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads.../ampx_en_dl.cab Safe.
    Safe. This entry has been identified as safe.
     
  7. noxxs

    noxxs New Member

    Joined:
    Dec 14, 2004
    Messages:
    3,910
    Likes Received:
    0
    Location:
    Albany, NY
    Honestly, the computer I ran it on was the family computer. Both my mom and my brother know jack shit about computers. My personal PC runs beautifully after two years without a reformat, while the family one is only like a year old, if even that. Thanks for your help, I'll get onto deleting those things.
     
  8. HyTymez

    HyTymez New Member

    Joined:
    Mar 9, 2005
    Messages:
    92
    Likes Received:
    0
    Sounds like you caught the good ol' CWS... IMO, the best programs to use are adaware, spybot, and spyware doctor, your uninstaller, and aboutbuster. There's also a registry cleaner type program that I forget the name of. All can be found at downloads.com

    If those don't work... you caught the type that just regenerates itself... don't think there's a cure yet. Best thing to do to save you time is to reformat. If not, then every time you reboot and open IE... the pop-ups will go on and your home page will keep changing. When I got that shit... I tried all kinds of stuff before giving in to reformatting. I searched for cures in different forums, with no success. And I dl-ed every spyware software on downloads.com, and the ones that did the best, even though they didn't work, were the ones listed above. You could try one more thing, didn't work for me... but doesn't hurt to give it one more shot.

    Hopefully you remember what day and time you caught the virus. Download and install at least adaware, download the updates, make sure it starts up on boot (no need to run after updating), reboot into safe mode, go to "find files or folders", do a search using the date... look for the approximate time it happened under "modifications", delete everything that you think could be associated with it or looks unfamiliar (if you forgot the time... best way to guess would be to find the ones with all the same times and with weird names like "wkegrhl.dll"), reboot into regular mode and allow adaware to scan the system.

    When/if you reformat... ditch IE and go with Mozilla (mozilla.org)... won't have to deal with it again.
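
Added example, not part of HyTymez's post: the date-based file search described above, written as a script that lists executable-type files modified near a suspected infection time and groups the ones written within a minute of each other. The extension list, the two-hour window, the 60-second gap and every sample file name and time are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta

EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr"}  # assumption: types worth reviewing

def modified_near(root, when, window=timedelta(hours=2)):
    """Return sorted (mtime, path) for executable-type files changed near `when`."""
    lo, hi = (when - window).timestamp(), (when + window).timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file locked or removed while scanning
            if lo <= mtime <= hi:
                hits.append((mtime, path))
    return sorted(hits)

def cluster(hits, gap=60):
    """Group hits whose mtime is within `gap` seconds of the previous hit."""
    groups = []
    for hit in hits:
        if groups and hit[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(hit)
        else:
            groups.append([hit])
    # Largest groups first: many files written together is the pattern to review.
    return sorted(groups, key=len, reverse=True)

def demo():
    """Build a constructed sample tree and return the clusters found in it."""
    when = datetime(2005, 6, 12, 14, 0)  # constructed suspected infection time
    sample = {"wkegrhl.dll": 5, "xqtzvnb.exe": 20, "jhrpwq.dll": 45,  # same minute
              "driver.sys": 3000,          # same afternoon, written separately
              "notes.txt": 10,             # not an executable type, ignored
              "oldapp.exe": -90 * 86400}   # months earlier, outside the window
    with tempfile.TemporaryDirectory() as root:
        for name, offset in sample.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            ts = when.timestamp() + offset
            os.utime(path, (ts, ts))  # set constructed modification time
        groups = cluster(modified_near(root, when))
        return [[os.path.basename(p) for _t, p in g] for g in groups]

if __name__ == "__main__":
    for group in demo():
        print(len(group), group)
```

Modification times can be set by whatever program wrote the file, so a cluster is a lead for review alongside the scanner results, not proof on its own.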
     
