| Thread ID: 85127 | 2007-11-30 09:20:00 | Downloading Programs | umila (13079) |
| Post ID | Timestamp | Content | User | ||
| 616772 | 2007-11-30 09:20:00 | Hi, I wonder if you kind people can assist. I have downloaded some programs, such as spybot, spyware doctor and others such as real one, and they all appear in the task bar. I read that too many files in the start up program can slow the computer down, so when I am downloading in the future, if the computer defaults to programs etc, do I choose a folder to download the program so it doesn't appear in the start up menu? And/or is there a way to remove the programs from the task bar? I've been trying to rid the system of trojans RadLight and surfside kick; does anyone know the program to rid the system of these ones? I let the Adware software slip and it doesn't seem to connect to update. Just read tonight that there is a newer version out. Should I uninstall first or should I download the new one and keep the one too? Because some comments I read said that it was now cumbersome to use. |
umila (13079) | ||
| 616773 | 2007-11-30 12:01:00 | Do you mean too many programs in your system tray? To remove them from there, there are a couple of options. Open the program and look for any option to start the program when starting Windows, and remove the tick from that option. Have a look also in Start > Programs > StartUp and make sure none are in there; if an item appears there, drag it into your main program menu drop-down list. Next, check Start > Run > type in msconfig > press Enter, go to the Start Up tab > untick those programs that you don't want starting when the computer starts up, click OK, and on restarting the computer, tick the box that says you are using Selective Startup. As for your other problems, maybe start by downloading HiJackThis: look for a post from Speedy and the link will be at the bottom of his posts, run that, and copy and paste the result into here for someone experienced in HiJack to comment on. |
PinoyKiw (9675) | ||
| 616774 | 2007-11-30 16:26:00 | Try Trojan Remover in my sig below for Surfsidekick. It's in its database. It may remove it. Update the above, then click on scan. Then select all options under the utilities menu. Yup, and get HijackThis in my sig below. Put it in its own folder, run it, then click on scan the system and save a log. Copy and paste the log here. And download RogueRemover in my sig below, update it, then click on scan. See if it picks RadLight up and removes it. |
Speedy Gonzales (78) | ||
| 616775 | 2007-11-30 22:36:00 | Thanks for replies - Speedy Gonzales and PinoyKiw. I have Trojan Remover, which I ran today, and found the following alert. What do I do? Sorry, I can't seem to work the paste here. This is what it says: The windows registry attempts to load this file at boot time HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Registry value name piiserviceOE Selection Action required . Leave this reference in place . Remove this reference from Windows Registry. It has the second option ticked. What do I select? |
umila (13079) | ||
| 616776 | 2007-11-30 22:44:00 | It looks like piiserviceOE belongs to Spam Inspector. It looks like it's safe. Select: Leave this reference in place. Hmm, looks like it's called Windows Defender now. So, you can't copy and paste a HijackThis log? Did Trojan Remover pick up anything else? |
Speedy Gonzales (78) | ||
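The alert discussed in the posts above comes down to whether a `Run` value still points at a real program. As an added example (not part of the thread, and not Trojan Remover's own code), this Python script parses Run-key entries in the flattened scanner-report layout and flags the ones worth a closer look. The sample text, value names and flag names are constructed, and the regexes assume the report wording "this command has been ...".

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the flattened Run-key report layout; every name and path is made up.
SAMPLE_LOG = (
    r"Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "
    r"This Registry Key attempts to run the following program(s): "
    r"Value Name = ExampleTray Value Data = C:\WINNT\System32\extray.exe -wdm "
    r"- this command has been left in place -------------------- "
    r"Value Name = ExampleLoader Value Data = exload.exe "
    r"- this command has been left in place -------------------- "
    r'Value Name = ExamplePlayer Value Data = C:\Program Files\ExPlayer\extask.exe" -boot '
    r"- this command has been left in place -------------------- "
    r"Value Name = exampleServiceOE Value Data = "
    r"- this command has been removed [file not found to scan] -------------------- "
    r"Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once "
    r"This Registry Key appears to be empty -------------------- "
    r"Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run "
    r"Value Name = ExampleChat Value Data = C:\Program Files\ExChat\exchat.exe /background "
    r"- this command has been left in place [file not found to scan] --------------------"
)

# Section header naming the Run key (or one of its Once/Services variants).
KEY_RE = (r"Checking (?P<key>HK(?:LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion"
          r"\\Run(?: (?:ServicesOnce|Services|OnceEx|Once))?)")
# One autostart value: name, command line, what the scanner did, optional missing-file tag.
ENTRY_RE = (r"Value Name = (?P<name>.+?)\s+Value Data =\s*(?P<data>.*?)\s*"
            r"- this command has been (?P<action>left in place|removed)"
            r"(?P<missing>\s*\[file not found to scan\])?")
TOKEN_RE = re.compile(KEY_RE + "|" + ENTRY_RE, re.IGNORECASE | re.DOTALL)
# Program part of a command line: everything up to the first executable extension.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?![\w.])', re.IGNORECASE)


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    action: str
    flags: list = field(default_factory=list)


def executable_of(command):
    """Return the program path from a Run command line, without quotes or arguments."""
    m = EXE_RE.match(command)
    return m.group("exe") if m else command.split(" ", 1)[0].strip('"')


def triage(log_text):
    """Parse Run-key entries and attach flags that call for manual review."""
    entries, key = [], None
    for m in TOKEN_RE.finditer(log_text):
        if m.group("key"):              # section header: remember which key we are in
            key = m.group("key")
            continue
        cmd = m.group("data")
        entry = RunEntry(key or "unknown key", m.group("name"), cmd, m.group("action").lower())
        if not cmd:
            entry.flags.append("blank-data")        # value exists but launches nothing
        else:
            exe = executable_of(cmd)
            if "\\" not in exe and "/" not in exe:
                entry.flags.append("no-directory")  # resolved through the search path
            if cmd.count('"') % 2:
                entry.flags.append("unbalanced-quote")
        if m.group("missing"):
            entry.flags.append("target-missing")    # scanner could not find the file
        entries.append(entry)
    return entries


def review_list(entries):
    """Only the entries that carry at least one flag, as printable lines."""
    return [f"{e.key} :: {e.name} :: {', '.join(e.flags)} ({e.action})"
            for e in entries if e.flags]


if __name__ == "__main__":
    for line in review_list(triage(SAMPLE_LOG)):
        print(line)
```

A `blank-data` or `target-missing` entry is a stale reference rather than proof of infection; the flags only narrow down which values to look up before choosing between leaving and removing them.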
| 616777 | 2007-11-30 22:53:00 | Hi Speedy Gonzales. The scan stalled until I replied. I will try and paste the log when it finishes. |
umila (13079) | ||
| 616778 | 2007-12-01 00:00:00 | Here is the scan report. I had to redo the scan ..... ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.6.4.2499. For information, email support@simplysup1.com [Unregistered version] Scan started at: 12/01/2007 1:43:49 PM Using Database v6894 Operating System: Windows 2000 Professional Service Pack 4 (Build 2195) Data directory: C:\Documents and Settings\Administrator\Application Data\Simply Super Software\Trojan Remover\ Logfile directory: C:\Documents and Settings\Administrator\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** The following Anti-Malware program(s) are loaded: [AV Warnings are suppressed] AVG Anti-Virus ************************************************** Checking Registry exefile command for modifications Checking Registry comfile command for modifications Checking Registry piffile command for modifications Checking Registry batfile command for modifications Checking Registry regfile command for modifications Checking Registry cmdfile command for modifications Checking Registry scrfile command for modifications ************************************************** 1:43:49 PM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINNT ************************************************** 1:43:49 PM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINNT ************************************************** 1:43:49 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************** 1:43:49 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Explorer.exe - this entry has been left in place ---------- This key's "Userinit" value calls the following program(s): C:\WINNT\system32\userinit.exe - this entry has been left in place ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value appears to be blank ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name = load The Data Value for this entry appears to be blank -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): Value Name = SiS Tray Value Data = C:\WINNT\System32\sistray.EXE - this command has been left in place -------------------- Value Name = SiS7012Utility Value Data = C:\WINNT\System32\SiSAudUt.exe -wdm - this command has been left in place -------------------- Value Name = NeroCheck Value Data = C:\WINNT\System32\NeroCheck.exe - this command has been left in place -------------------- Value Name = SmartButton Value Data = C:\WINNT\Twain_32\3730\SButton.Exe - this command has been left in place -------------------- Value Name = HPDJ Taskbar Utility Value Data = C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe - this command has been left in place --------------------
Value Name = TkBellExe Value Data = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot - this command has been left in place -------------------- Value Name = LoadQM Value Data = loadqm.exe - this command has been left in place -------------------- Value Name = QuickTime Task Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place -------------------- Value Name = Pop3trap.exe Value Data = C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe - this command has been left in place -------------------- Value Name = WebTrapNT.exe Value Data = C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe - this command has been left in place -------------------- Value Name = piiserviceOE Value Data = - this command has been removed [file not found to scan] -------------------- Value Name = AVG7_CC Value Data = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - this command has been left in place -------------------- Value Name = Zone Labs Client Value Data = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - this command has been left in place -------------------- Value Name = TrojanScanner Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): 
Value Name = Uniblue RegistryBooster 2 Value Data = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S - this command has been left in place -------------------- Value Name = SpybotSD TeaTimer Value Data = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this command has been left in place -------------------- Value Name = msnmsgr Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been left in place [file not found to scan] -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce This Registry Key appears to be empty ************************************************** 1:44:41 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ValueName: {54D9498B-CF93-414F-8984-8CE7FDE0D391} Value: ewido shell guard File: C:\Program Files\ewido\security suite\shellhook.dll C:\Program Files\ewido\security suite\shellhook.dll - this ShellExecuteHook has been left in place ---------- ************************************************** 1:44:41 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** 1:44:41 PM: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************** 1:44:41 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Checking the StubPath calls in the Active Setup\Installed Components registry keys: Key=>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=C:\WINNT\system32\shmgrate.exe - this reference has been left in place ---------- Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=C:\WINNT\system32\shmgrate.exe - this reference has been left in place ---------- Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={6A5110B5-E14B-4268-A065-EF89FF33C325} StubPath=regsvr32.exe - this reference has been left in place ---------- Key={7790769C-0471-11d2-AF11-00C04FA35D02} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4340} StubPath=regsvr32.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=C:\WINNT\System32\ie4uinit.exe - this reference has been left in place ---------- Key={9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} StubPath=C:\WINNT\System32\updcrl.exe - this reference has been left in place ---------- ************************************************** 1:44:43 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Checking DLL files called from the CurrentControlSet\Services Keys: -------------------- Key=BITS ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place -------------------- Key=EventSystem ServiceDLL=C:\WINNT\System32\es.dll - this reference has been left in place -------------------- Key=Netman ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place -------------------- Key=NtmsSvc ServiceDLL=%SystemRoot%\System32\NtmsSvc.dll - this reference has been left in place -------------------- Key=RasAuto ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been 
left in place -------------------- Key=RasMan ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place -------------------- Key=RemoteAccess ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place -------------------- Key=RpcSs ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place -------------------- Key=SENS ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place -------------------- Key=SharedAccess ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place -------------------- Key=TapiSrv ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place -------------------- Key=wuauserv ServiceDLL=C:\WINNT\system32\wuauserv.dll - this reference has been left in place -------------------- Key=WZCSVC ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place ************************************************** 1:44:44 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Checking files called from the CurrentControlSet\Services Keys: Key=ACPI ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place ---------- Key=AFD ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place ---------- Key=Alerter ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=AppMgmt ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=AsyncMac ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place ---------- Key=atapi ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place ---------- Key=Atmarpc ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place ---------- Key=audstub ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place ---------- Key=Avg7Alrt 
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - this reference has been left in place ---------- Key=Avg7Core ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place ---------- Key=Avg7RsNT ImagePath=\SystemRoot\System32\Drivers\avg7rsnt.sys - this reference has been left in place ---------- Key=Avg7RsW ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place ---------- Key=Avg7UpdSvc ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - this reference has been left in place ---------- Key=AvgClean ImagePath=\SystemRoot\System32\Drivers\avgclean.sys - this reference has been left in place ---------- Key=AVGEMS ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - this reference has been left in place ---------- Key=AvgTdi ImagePath=\SystemRoot\System32\Drivers\avgtdi.sys - this reference has been left in place ---------- Key=BOCDRIVE ImagePath=\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys - this reference has been left in place ---------- Key=BOCore ImagePath=C:\Program Files\Comodo\CBOClean\BOCORE.exe - this reference has been left in place ---------- Key=Browser ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=CCDECODE ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place ---------- Key=Cdrom ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place ---------- Key=cisvc ImagePath=C:\WINNT\System32\cisvc.exe - this reference has been left in place ---------- Key=ClipSrv ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place ---------- Key=Dhcp ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=Disk ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place ---------- Key=dmadmin ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place ---------- Key=dmboot 
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place ---------- Key=dmio ImagePath=System32\drivers\dmio.sys - this reference has been left in place ---------- Key=dmload ImagePath=System32\drivers\dmload.sys - this reference has been left in place ---------- Key=dmserver ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=DMusic ImagePath=system32\drivers\DMusic.sys - this reference has been left in place ---------- Key=Dnscache ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=Eventlog ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=ewido security suite control ImagePath=C:\Program Files\ewido\security suite\ewidoctrl.exe - this reference has been left in place ---------- Key=ewido security suite driver ImagePath=\??\C:\Program Files\ewido\security suite\guard.sys - this reference has been left in place ---------- Key=ewido security suite guard ImagePath=C:\Program Files\ewido\security suite\ewidoguard.exe - this reference has been left in place ---------- Key=Fax ImagePath=%systemroot%\system32\faxsvc.exe - this reference has been left in place ---------- Key=Fdc ImagePath=System32\DRIVERS\fdc.sys - this reference has been left in place ---------- Key=Flpydisk ImagePath=System32\DRIVERS\flpydisk.sys - this reference has been left in place ---------- Key=FltMgr ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place ---------- Key=Ftdisk ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place ---------- Key=gameenum ImagePath=System32\DRIVERS\gameenum.sys - this reference has been left in place ---------- Key=Gpc ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place ---------- Key=i8042prt ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place ---------- Key=IpFilterDriver 
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place ---------- Key=IpInIp ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place ---------- Key=IpNat ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place ---------- Key=IPSEC ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place ---------- Key=IRENUM ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place ---------- Key=isapnp ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place ---------- Key=Kbdclass ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place ---------- Key=kmixer ImagePath=system32\drivers\kmixer.sys - this reference has been left in place ---------- Key=lanmanserver ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=lanmanworkstation ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=LmHosts ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=Messenger ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=mnmsrvc ImagePath=C:\WINNT\System32\mnmsrvc.exe - this reference has been left in place ---------- Key=MODEMCSA ImagePath=system32\drivers\MODEMCSA.sys - this reference has been left in place ---------- Key=Mouclass ImagePath=System32\DRIVERS\mouclass.sys - this reference has been left in place ---------- Key=MPE ImagePath=System32\DRIVERS\MPE.sys - this reference has been left in place ---------- Key=MRxSmb ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place ---------- Key=MSDTC ImagePath=C:\WINNT\System32\msdtc.exe - this reference has been left in place ---------- Key=MSIServer ImagePath=C:\WINNT\system32\msiexec.exe /V - this reference has been left in place ---------- Key=MSKSSRV 
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place ---------- Key=MSPCLOCK ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place ---------- Key=MSPQM ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place ---------- Key=MSTEE ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place ---------- Key=NABTSFEC ImagePath=System32\DRIVERS\NABTSFEC.sys - this reference has been left in place ---------- Key=NdisTapi ImagePath=System32\DRIVERS\ndistapi.sys - this reference has been left in place ---------- Key=Ndisuio ImagePath=System32\DRIVERS\ndisuio.sys - this reference has been left in place ---------- Key=NdisWan ImagePath=System32\DRIVERS\ndiswan.sys - this reference has been left in place ---------- Key=NetBIOS ImagePath=System32\DRIVERS\netbios.sys - this reference has been left in place ---------- Key=NetBT ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place ---------- Key=NetDDE ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place ---------- Key=NetDDEdsdm ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place ---------- Key=NetDetect ImagePath=\SystemRoot\system32\drivers\netdtect.sys - this reference has been left in place ---------- Key=Netlogon ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place ---------- Key=NtLmSsp ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place ---------- Key=NwlnkFlt ImagePath=System32\DRIVERS\nwlnkflt.sys - this reference has been left in place ---------- Key=NwlnkFwd ImagePath=System32\DRIVERS\nwlnkfwd.sys - this reference has been left in place ---------- Key=openhci ImagePath=System32\DRIVERS\openhci.sys - this reference has been left in place ---------- Key=Parallel ImagePath=System32\DRIVERS\parallel.sys - this reference has been left in place ---------- Key=Parport 
ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place ---------- Key=PCI ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place ---------- Key=PCIIde ImagePath=System32\DRIVERS\pciide.sys - this reference has been left in place ---------- Key=PlugPlay ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=pmxscan ImagePath=System32\DRIVERS\usbscan.sys - this reference has been left in place ---------- Key=PolicyAgent ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place ---------- Key=PptpMiniport ImagePath=System32\DRIVERS\raspptp.sys - this reference has been left in place ---------- Key=ProtectedStorage ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=Ptilink ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place ---------- Key=PxHelp20 ImagePath=system32\Drivers\PxHelp20.sys - this reference has been left in place ---------- Key=RasAcd ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place ---------- Key=Rasl2tp ImagePath=System32\DRIVERS\rasl2tp.sys - this reference has been left in place ---------- Key=Raspti ImagePath=System32\DRIVERS\raspti.sys - this reference has been left in place ---------- Key=RCA ImagePath=system32\drivers\RCA.sys - this reference has been left in place ---------- Key=Rdbss ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place ---------- Key=redbook ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place ---------- Key=RemoteRegistry ImagePath=%SystemRoot%\system32\regsvc.exe - this reference has been left in place ---------- Key=RpcLocator ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place ---------- Key=RSVP ImagePath=%SystemRoot%\System32\rsvp.exe -s - this reference has been left in place ---------- Key=SamSs 
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=SCardDrv ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place ---------- Key=SCardSvr ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place ---------- Key=Schedule ImagePath=%SystemRoot%\system32\MSTask.exe - this reference has been left in place ---------- Key=Secdrv ImagePath=\??\C:\WINNT\System32\drivers\SECDRV.SYS - this reference has been left in place ---------- Key=seclogon ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=serenum ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place ---------- Key=Serial ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place ---------- Key=SiS315 ImagePath=System32\DRIVERS\sisgrp.sys - this reference has been left in place ---------- Key=SiS7012 ImagePath=system32\drivers\sis7012.sys - this reference has been left in place ---------- Key=SISAGP ImagePath=System32\DRIVERS\SISAGP.sys - this reference has been left in place ---------- Key=SLIP ImagePath=System32\DRIVERS\SLIP.sys - this reference has been left in place ---------- Key=Spooler ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place ---------- Key=Srv ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place ---------- Key=streamip ImagePath=System32\DRIVERS\StreamIP.sys - this reference has been left in place ---------- Key=swenum ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place ---------- Key=swmidi ImagePath=system32\drivers\swmidi.sys - this reference has been left in place ---------- Key=sysaudio ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place ---------- Key=SysmonLog ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place ---------- Key=Tcpip 
ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place ---------- Key=TlntSvr ImagePath=%SystemRoot%\system32\tlntsvr.exe - this reference has been left in place ---------- Key=tmcomm ImagePath=\??\C:\WINNT\system32\drivers\tmcomm.sys - this reference has been left in place ---------- Key=Tmfilter ImagePath=System32\drivers\Tmfilter.sys - this reference has been left in place ---------- Key=Tmntsrv ImagePath="C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe" - this reference has been left in place ---------- Key=TrkWks ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=TVICHW32 ImagePath=\??\C:\WINNT\system32\DRIVERS\TVICHW32.SYS - this reference has been left in place ---------- Key=Update ImagePath=System32\DRIVERS\update.sys - this reference has been left in place ---------- Key=UPS ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place ---------- Key=usbhub ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place ---------- Key=usbprint ImagePath=System32\DRIVERS\usbprint.sys - this reference has been left in place ---------- Key=USBSTOR ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place ---------- Key=UtilMan ImagePath=%SystemRoot%\System32\UtilMan.exe - this reference has been left in place ---------- Key=VgaSave ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place ---------- Key=Vsapint ImagePath=System32\drivers\Vsapint.sys - this reference has been left in place ---------- Key=vsdatant ImagePath=System32\vsdatant.sys - this reference has been left in place ---------- Key=vsmon ImagePath=C:\WINNT\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded ---------- Key=W32Time ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=Wanarp ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place 
---------- Key=wdmaud ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place ---------- Key=Winacpci ImagePath=System32\DRIVERS\winacpci.sys - this reference has been left in place ---------- Key=WinMgmt ImagePath=%SystemRoot%\System32\WBEM\WinMgmt.exe - this reference has been left in place ---------- Key=Wmi ImagePath=%SystemRoot%\system32\Services.exe - this reference has been left in place ---------- Key=WS2IFSL ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place ---------- Key=WSTCODEC ImagePath=System32\DRIVERS\WSTCODEC.SYS - this reference has been left in place ---------- ************************************************** 1:44:59 PM: Scanning -----VXD ENTRIES----- Checking the following VxD entries: Checking VMM32 VxD files being loaded ************************************************** 1:44:59 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Checking DLLs called from the Winlogon\Notify key: Key=crypt32chain DLLName=crypt32.dll - this reference has been left in place ---------- Key=cryptnet DLLName=cryptnet.dll - this reference has been left in place ---------- Key=cscdll DLLName=cscdll.dll - this reference has been left in place ---------- Key=sclgntfy DLLName=sclgntfy.dll - this reference has been left in place ---------- Key=SensLogn DLLName=WlNotify.dll - this reference has been left in place ---------- Key=wzcnotif DLLName=wzcdlg.dll - this reference has been left in place ---------- ************************************************** 1:44:59 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key = AVG7 Shell Extension CLSID = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} C:\Program Files\Grisoft\AVG7\avgse.dll - this ContextMenuHandler has been left in place ---------- Key = BriefcaseMenu CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D} syncui.dll - this ContextMenuHandler has been left in place ---------- Key = ewido CLSID = {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} C:\Program Files\ewido\security 
suite\context.dll - this ContextMenuHandler has been left in place ---------- Key = Offline Files CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03} cscui.dll - this ContextMenuHandler has been left in place ---------- Key = Open With CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936} %SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place ---------- Key = Open With EncryptionMenu CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46} %SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place ---------- Key = Trojan Remover CLSID = {52B87208-9CCF-42C9-B88E-069281105805} C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place ---------- Key = WinZip CLSID = {E0D79304-84BE-11CE-9641-444553540000} C:\PROGRA~1\WINZIP\WZSHLSTB.DLL - this ContextMenuHandler has been left in place ---------- Key = {48F45200-91E6-11CE-8A4F-0080C81A28D4} C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll - this ContextMenuHandler has been left in place ---------- Key = {B95057E0-44DB-11CE-A5D1-00608C83BD3F} shellwp.dll - this ContextMenuHandler has been left in place ---------- ************************************************** 1:45:00 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871} %SystemRoot%\system32\shell32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {24F14F01-7B1C-11d1-838f-0000F80461CF} %SystemRoot%\system32\shell32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {24F14F02-7B1C-11d1-838f-0000F80461CF} %SystemRoot%\system32\shell32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {66742402-F9B9-11D1-A202-0000F81FEDEE} C:\WINNT\System32\docprop2.dll - this Folder\ColumnHandler has been left in place ---------- Key = {7f9609be-af9a-11d1-83e0-00c04fb6e984} %SystemRoot%\system32\faxshell.dll - this Folder\ColumnHandler has been left in place ---------- Key = {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1} 
C:\WINNT\System32\docprop2.dll - this Folder\ColumnHandler has been left in place ---------- Key = {F9DB5320-233E-11D1-9F84-707F02C10627} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place ---------- ************************************************** 1:45:01 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place ---------- ************************************************** 1:45:01 PM: Scanning ----- SHELLSERVICEOBJECTS ----- Key = Network.ConnectionTray CLSID = {7007ACCF-3202-11D1-AAD2-00805FC1270E} C:\WINNT\system32\NETSHELL.dll - this ShellServiceObject has been left in place ---------- Key = WebCheck CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} %SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place ---------- Key = SysTray CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153} stobject.dll - this ShellServiceObject has been left in place ---------- ************************************************** 1:45:01 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1} Comment = Browseui preloader File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place ---------- Value = {8C7461EF-2B13-11d2-BE35-3078302C2030} Comment = Component Categories cache daemon File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place ---------- ************************************************** 1:45:01 PM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************** 1:45:02 PM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************** 1:45:02 PM: Scanning ----- SECURITY PROVIDER DLLS ----- msapsspc.dll - this entry has been left in place ---------- schannel.dll - this entry has been left in place ---------- digest.dll - this entry has been left in place ---------- msnsspc.dll - this entry has been left in place ---------- ************************************************** 1:45:02 PM: Scanning ------ USER STARTUP GROUPS ------ Checking Startup Group for All Users [C:\WINNT\Profiles\All Users\Start Menu\Programs\StartUp] No Startup files for All Users were located to check ************************************************** 1:45:02 PM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: Adobe Reader Speed Launch.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place -------------------- Real-time Monitor.lnk - this links to C:\WINNT\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_A687B56.exe and has been left in place -------------------- WinZip Quick Pick.lnk - this links to C:\Program Files\WinZip\WZQKPICK.EXE and has been left in place -------------------- ************************************************** 1:45:02 PM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): AstroClock.lnk - this links to C:\Program Files\AstroClock\AstroClock.exe and has been left in place Lunabar Taskbar Icon.lnk - this links to C:\Program Files\Lunabar\Lunabar.exe and has been left in place ************************************************** 1:45:02 PM: Scanning 
----- SCHEDULED TASKS ----- Taskname: Uniblue SpyEraser Nag.job File: C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe Parameters: -ynag Next Run Time: 12/10/2007 7:04:00 PM Status: The task has not yet run Creator: Administrator Comments: [blank] C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe - this entry has been left in place [file not found to scan] ---------- Taskname: Uniblue SpyEraser.job File: C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe Parameters: -s Next Run Time: Never Status: One or more of the properties that are needed to run this task on a schedule have not been set Creator: Administrator Comments: Uniblue SpyEraser Scheduler C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe - this entry has been left in place [file not found to scan] ---------- Taskname: XoftSpy.job File: C:\Program Files\XoftSpy\XoftSpy.exe Parameters: -t Next Run Time: Never Status: One or more of the properties that are needed to run this task on a schedule have not been set Creator: Administrator Comments: Runs XoftSpy at Scheduled Time. 
C:\Program Files\XoftSpy\XoftSpy.exe - this entry has been left in place ---------- ************************************************** 1:45:07 PM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed --------- Windows Explorer Policies checks completed ---------- ************************************************** 1:45:07 PM: Scanning ------ DOWNLOADED PROGRAM FILES ------ The following files are located in the DOWNLOADED PROGRAM FILES directory: C:\WINNT\Downloaded Program Files\asquared.ocx - this file has been left in place C:\WINNT\Downloaded Program Files\desktop.ini - this file has been left in place C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd - this file has been left in place C:\WINNT\Downloaded Program Files\driveragent.inf - this file has been left in place C:\WINNT\Downloaded Program Files\driveragent.ocx - this file has been left in place C:\WINNT\Downloaded Program Files\erma.inf - this file has been left in place C:\WINNT\Downloaded Program Files\hcImpl.inf - this file has been left in place C:\WINNT\Downloaded Program Files\HouseCallButton.dll - this file has been left in place C:\WINNT\Downloaded Program Files\HouseCallButton.INF - this file has been left in place C:\WINNT\Downloaded Program Files\Housecall_ActiveX.dll - this file has been left in place C:\WINNT\Downloaded Program Files\iuctl.inf - this file has been left in place C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place C:\WINNT\Downloaded Program Files\MsnPUpld.dll - this file has been left in place C:\WINNT\Downloaded Program Files\MSNPupld.inf - this file has been left in place C:\WINNT\Downloaded Program Files\PURen-us.dll - this file has been left in place C:\WINNT\Downloaded Program Files\QuickTimeInstallCache.qdat - this file 
has been left in place C:\WINNT\Downloaded Program Files\swflash.inf - this file has been left in place C:\WINNT\Downloaded Program Files\tvichw32.sys - this file has been left in place C:\WINNT\Downloaded Program Files\wmv8ax.inf - this file has been left in place C:\WINNT\Downloaded Program Files\WMV9VCM.inf - this file has been left in place C:\WINNT\Downloaded Program Files\wmvax.inf - this file has been left in place C:\WINNT\Downloaded Program Files\ZIntro.ocx - this file has been left in place ************************************************** 1:45:10 PM: Scanning ----- RUNNING PROCESSES ----- [Only loaded modules not scanned already during this scan will be scanned here] C:\WINNT\System32\smss.exe [2 loaded modules in total] -------------------- C:\WINNT\system32\csrss.exe [8 loaded modules in total] -------------------- C:\WINNT\system32\winlogon.exe [66 loaded modules in total] -------------------- C:\WINNT\system32\services.exe [59 loaded modules in total] -------------------- C:\WINNT\system32\lsass.exe [53 loaded modules in total] -------------------- C:\WINNT\system32\svchost.exe [46 loaded modules in total] -------------------- C:\WINNT\system32\spoolsv.exe [57 loaded modules in total] -------------------- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [51 loaded modules in total] -------------------- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [15 loaded modules in total] -------------------- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [64 loaded modules in total] -------------------- C:\Program Files\Comodo\CBOClean\BOCORE.exe [7 loaded modules in total] -------------------- C:\WINNT\System32\svchost.exe [80 loaded modules in total] -------------------- C:\Program Files\ewido\security suite\ewidoctrl.exe [26 loaded modules in total] -------------------- C:\WINNT\system32\regsvc.exe [5 loaded modules in total] -------------------- C:\WINNT\system32\MSTask.exe [46 loaded modules in total] -------------------- C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe [9 
loaded modules in total] -------------------- C:\WINNT\system32\ZoneLabs\vsmon.exe [no modules loaded] -------------------- C:\WINNT\Explorer.EXE [89 loaded modules in total] -------------------- C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe [7 loaded modules in total] -------------------- C:\WINNT\System32\WBEM\WinMgmt.exe [18 loaded modules in total] -------------------- C:\WINNT\system32\svchost.exe [73 loaded modules in total] -------------------- C:\WINNT\System32\sistray.EXE [15 loaded modules in total] -------------------- C:\WINNT\System32\SiSAudUt.exe [20 loaded modules in total] -------------------- C:\WINNT\Twain_32\3730\SButton.Exe [20 loaded modules in total] -------------------- C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04. exe [14 loaded modules in total] -------------------- C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe [12 loaded modules in total] -------------------- C:\Program Files\QuickTime\qttask.exe [46 loaded modules in total] -------------------- C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe [29 loaded modules in total] -------------------- C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe [27 loaded modules in total] -------------------- C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [49 loaded modules in total] -------------------- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [no modules loaded] -------------------- C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [56 loaded modules in total] -------------------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [25 loaded modules in total] -------------------- C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe [20 loaded modules in total] -------------------- C:\Program Files\WinZip\WZQKPICK.EXE [17 loaded modules in total] -------------------- C:\Program Files\AstroClock\AstroClock.exe [23 loaded modules in total] -------------------- C:\Program Files\Lunabar\Lunabar.exe [17 loaded modules in total] -------------------- 
C:\Program Files\Internet Explorer\iexplore.exe [93 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\IEXPLORE.EXE [82 loaded modules in total] -------------------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software\Trojan Remover\ldtE3.exe FileSize: 2,257,472 [This is a Trojan Remover component] [10 loaded modules in total] -------------------- ************************************************** 1:45:41 PM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************** 1:45:41 PM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINNT\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************** 1:45:41 PM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page": This value is blank HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": www.microsoft.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.microsoft.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.co.nz/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINNT\System32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page": This value is blank 
************************************************** === CHANGES WERE MADE TO THE WINDOWS REGISTRY === Scan completed at: 12/01/2007 1:45:41 PM ************************************************** ********** ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.6.4.2499. For information, email support@simplysup1.com [Unregistered version] Scan started at: 12/01/2007 1:39:48 PM Using Database v6894 Operating System: Windows 2000 Professional Service Pack 4 (Build 2195) Data directory: C:\Documents and Settings\Administrator\Application Data\Simply Super Software\Trojan Remover\ Logfile directory: C:\Documents and Settings\Administrator\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** The following Anti-Malware program(s) are loaded: [AV Warnings are suppressed] AVG Anti-Virus ************************************************** Checking Registry exefile command for modifications Checking Registry comfile command for modifications Checking Registry piffile command for modifications Checking Registry batfile command for modifications Checking Registry regfile command for modifications Checking Registry cmdfile command for modifications Checking Registry scrfile command for modifications ************************************************** 1:39:48 PM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINNT ************************************************** 1:39:48 PM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINNT ************************************************** 1:39:48 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************** 1:39:48 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Explorer.exe - this entry has been left in place ---------- This key's "Userinit" value calls the following program(s): C:\WINNT\system32\userinit.exe - this entry has been left in place ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value appears to be blank ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name = load The Data Value for this entry appears to be blank -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): Value Name = SiS Tray Value Data = C:\WINNT\System32\sistray.EXE - this command has been left in place -------------------- Value Name = SiS7012Utility Value Data = C:\WINNT\System32\SiSAudUt.exe -wdm - this command has been left in place -------------------- Value Name = NeroCheck Value Data = C:\WINNT\System32\NeroCheck.exe - this command has been left in place -------------------- Value Name = SmartButton Value Data = C:\WINNT\Twain_32\3730\SButton.Exe - this command has been left in place -------------------- Value Name = HPDJ Taskbar Utility Value Data = C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04. 
exe - this command has been left in place -------------------- Value Name = TkBellExe Value Data = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot - this command has been left in place -------------------- Value Name = LoadQM Value Data = loadqm.exe - this command has been left in place -------------------- Value Name = QuickTime Task Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place -------------------- Value Name = Pop3trap.exe Value Data = C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe - this command has been left in place -------------------- Value Name = WebTrapNT.exe Value Data = C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe - this command has been left in place -------------------- Value Name = piiserviceOE Value Data = - this command has been left in place [file not found to scan] -------------------- Value Name = AVG7_CC Value Data = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - this command has been left in place -------------------- Value Name = Zone Labs Client Value Data = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - this command has been left in place -------------------- Value Name = TrojanScanner Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following 
program(s): Value Name = msnmsgr Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been removed [file not found to scan] -------------------- Value Name = Uniblue RegistryBooster 2 Value Data = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S - this command has been left in place -------------------- Value Name = SpybotSD TeaTimer Value Data = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this command has been left in place -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce This Registry Key appears to be empty ************************************************** 1:39:56 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ValueName: {54D9498B-CF93-414F-8984-8CE7FDE0D391} Value: ewido shell guard File: C:\Program Files\ewido\security suite\shellhook.dll C:\Program Files\ewido\security suite\shellhook.dll - this ShellExecuteHook has been left in place ---------- ************************************************** 1:39:56 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** 1:39:57 PM: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************** 1:39:57 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Checking the StubPath calls in the Active Setup\Installed Components registry keys: Key=>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=C:\WINNT\system32\shmgrate.exe - this reference has been left in place ---------- Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=C:\WINNT\system32\shmgrate.exe - this reference has been left in place ---------- Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={6A5110B5-E14B-4268-A065-EF89FF33C325} StubPath=regsvr32.exe - this reference has been left in place ---------- Key={7790769C-0471-11d2-AF11-00C04FA35D02} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4340} StubPath=regsvr32.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=C:\WINNT\System32\ie4uinit.exe - this reference has been left in place ---------- Key={9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} StubPath=C:\WINNT\System32\updcrl.exe - this reference has been left in place ---------- ************************************************** 1:39:58 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Checking DLL files called from the CurrentControlSet\Services Keys: -------------------- Key=BITS ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place -------------------- Key=EventSystem ServiceDLL=C:\WINNT\System32\es.dll - this reference has been left in place -------------------- Key=Netman ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place -------------------- Key=NtmsSvc ServiceDLL=%SystemRoot%\System32\NtmsSvc.dll - this reference has been left in place -------------------- Key=RasAuto ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been 
left in place -------------------- Key=RasMan ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place -------------------- Key=RemoteAccess ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place -------------------- Key=RpcSs ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place -------------------- Key=SENS ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place -------------------- Key=SharedAccess ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place -------------------- Key=TapiSrv ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place -------------------- Key=wuauserv ServiceDLL=C:\WINNT\system32\wuauserv.dll - this reference has been left in place -------------------- Key=WZCSVC ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place ************************************************** 1:40:00 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Checking files called from the CurrentControlSet\Services Keys: Key=ACPI ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place ---------- Key=AFD ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place ---------- Key=Alerter ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=AppMgmt ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=AsyncMac ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place ---------- Key=atapi ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place ---------- Key=Atmarpc ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place ---------- Key=audstub ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place ---------- Key=Avg7Alrt 
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - this reference has been left in place ---------- Key=Avg7Core ImagePath=\SystemRoot\System32\Drivers\avg7core.sy s - this reference has been left in place ---------- Key=Avg7RsNT ImagePath=\SystemRoot\System32\Drivers\avg7rsnt.sy s - this reference has been left in place ---------- Key=Avg7RsW ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place ---------- Key=Avg7UpdSvc ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - this reference has been left in place ---------- Key=AvgClean ImagePath=\SystemRoot\System32\Drivers\avgclean.sy s - this reference has been left in place ---------- Key=AVGEMS ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - this reference has been left in place ---------- Key=AvgTdi ImagePath=\SystemRoot\System32\Drivers\avgtdi.sys - this reference has been left in place ---------- Key=BOCDRIVE ImagePath=\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys - this reference has been left in place ---------- Key=BOCore ImagePath=C:\Program Files\Comodo\CBOClean\BOCORE.exe - this reference has been left in place ---------- Key=Browser ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=CCDECODE ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place ---------- Key=Cdrom ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place ---------- Key=cisvc ImagePath=C:\WINNT\System32\cisvc.exe - this reference has been left in place ---------- Key=ClipSrv ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place ---------- Key=Dhcp ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=Disk ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place ---------- Key=dmadmin ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place ---------- Key=dmboot 
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place ---------- Key=dmio ImagePath=System32\drivers\dmio.sys - this reference has been left in place ---------- Key=dmload ImagePath=System32\drivers\dmload.sys - this reference has been left in place ---------- Key=dmserver ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=DMusic ImagePath=system32\drivers\DMusic.sys - this reference has been left in place ---------- Key=Dnscache ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=Eventlog ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=ewido security suite control ImagePath=C:\Program Files\ewido\security suite\ewidoctrl.exe - this reference has been left in place ---------- Key=ewido security suite driver ImagePath=\??\C:\Program Files\ewido\security suite\guard.sys - this reference has been left in place ---------- Key=ewido security suite guard ImagePath=C:\Program Files\ewido\security suite\ewidoguard.exe - this reference has been left in place ---------- Key=Fax ImagePath=%systemroot%\system32\faxsvc.exe - this reference has been left in place ---------- Key=Fdc ImagePath=System32\DRIVERS\fdc.sys - this reference has been left in place ---------- Key=Flpydisk ImagePath=System32\DRIVERS\flpydisk.sys - this reference has been left in place ---------- Key=FltMgr ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place ---------- Key=Ftdisk ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place ---------- Key=gameenum ImagePath=System32\DRIVERS\gameenum.sys - this reference has been left in place ---------- Key=Gpc ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place ---------- Key=i8042prt ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place ---------- Key=IpFilterDriver 
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place ---------- Key=IpInIp ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place ---------- Key=IpNat ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place ---------- Key=IPSEC ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place ---------- Key=IRENUM ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place ---------- Key=isapnp ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place ---------- Key=Kbdclass ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place ---------- Key=kmixer ImagePath=system32\drivers\kmixer.sys - this reference has been left in place ---------- Key=lanmanserver ImagePath=%SystemRoot%\System32\services.exe - this reference has been left in place ---------- Key=lanmanworkstati |
umila (13079) | ||
| 616779 | 2007-12-01 00:24:00 | Post a hijackthis log, not a trojan remover log. Hijackthis is in my sig below. I would get something that's more up to date than Pc-cillin 2000. And I would uninstall Zonealarm or Ewido, if Ewido includes a firewall. They'll conflict. And you can run trojan remover again and select the 2nd option for piiserviceOE (remove reference from registry), since it looks like it's been uninstalled. |
Speedy Gonzales (78) | ||
| 616780 | 2007-12-01 03:21:00 | Hi Speedy Gonzales. Here is the log from Hijack. I have zone alarm as my firewall and AVG as the anti virus. The pc cillin 2000 is not operable any more.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:18 PM, on 12/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\SiSAudUt.exe
C:\WINNT\Twain_32\3730\SButton.Exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AstroClock\AstroClock.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\WINNT\system32\Macromed\Shockwave 8\PostUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS7012Utility] C:\WINNT\System32\SiSAudUt.exe -wdm
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SmartButton] C:\WINNT\Twain_32\3730\SButton.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINNT\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: AstroClock.lnk = C:\Program Files\AstroClock\AstroClock.exe
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Real-time Monitor.lnk = C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - uk.trendmicro-europe.com (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by15fd.bay15.hotmail.msn.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - a1540.g.akamai.net
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - eu-housecall.trendmicro-europe.com
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - de.trendmicro-europe.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - driveragent.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{15EAF80C-9C7F-47F6-BCFE-97A4B12ECF77}: NameServer = 202.180.64.2 202.180.64.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{15EAF80C-9C7F-47F6-BCFE-97A4B12ECF77}: NameServer = 202.180.64.2 202.180.64.9
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. 
- C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 1: Your Favorite Weather - www.wunderground.com -- End of file - 7518 bytes |
umila (13079) | ||
| 616781 | 2007-12-01 03:41:00 | Hmm, tick these entries then tick fix checked. Don't you have a scanner? Close browser/s.
This may be nasty: C:\WINNT\Twain_32\3730\SButton.Exe
Safe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
Nasty
O4 - HKLM\..\Run: [SmartButton] C:\WINNT\Twain_32\3730\SButton.Exe
Safe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Safe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - uk.trendmicro-europe.com (file missing)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - a1540.g.akamai.net
Then reboot. |
Speedy Gonzales (78) | ||