Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I have a pop up on my start menu

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I have a pop up on my start menu

Unread postby Hannesb » July 14th, 2008, 1:26 pm

Pop up message- System has detected a number of active spyware applications that may impact on the performance of your computer. Click the icon to get rid of unwanted spyware by downloading a up-to-date antispyware solution
---------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:31, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Documents and Settings\HannesB\My Documents\Mcafee Virtual Tech.exe
C:\Documents and Settings\HannesB\My Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {BB717FCE-B0A7-4C47-B803-B87251EDAFAF} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - (no file)
O2 - BHO: TBSB09878 - {FB1F565B-6F2E-4BE1-9C7E-CB01E7413ED1} - (no file)
O3 - Toolbar: MatrixNet Toolbar - {89C7876B-0490-4FF9-850F-F4FFB2F26CBB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\ASC 2.1\asc 2.1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [VTTimer] VTTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [AUTORUN_VAL] C:\Program Files\ASC 2.1\asc 2.1.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1004336348-839522115-854245398-1004 Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User '?')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk134YYZA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - C:\WINDOWS\system32\gnmguxh.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11990 bytes
Hannesb
Active Member
 
Posts: 6
Joined: July 14th, 2008, 12:50 pm
Advertisement
Register to Remove

Re: I have a pop up on my start menu

Unread postby Shaba » July 17th, 2008, 8:08 am

Hi Hannesb

If you already have Smitfraudfix, please delete this copy and download it again as it's being updated regularly.

Please download SmitFraudFix.exe by S!Ri and save it to the desktop.

If you can't download it, please download it from these alternative sites:

From Geekstogo
From Security Cadets
From Zebulon

  1. Double click on SmitfraudFix.exe.
  2. Press 1 then hit the Enter key.
  3. It will create a report named rapport.txt, usually at C drive.
  4. Please post back this log in your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Read more here
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I have a pop up on my start menu

Unread postby Hannesb » July 17th, 2008, 10:16 am

SmitFraudFix v2.329

Scan done at 16:13:39.26, Thu 07/17/2008
Run from C:\Documents and Settings\HannesB\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HannesB


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HannesB\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HannesB\FAVORI~1

C:\DOCUME~1\HannesB\FAVORI~1\Antivirus Scan.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{629340b5-8df6-4211-9245-a86563a35792}"="enation"

[HKEY_CLASSES_ROOT\CLSID\{629340b5-8df6-4211-9245-a86563a35792}\InProcServer32]
@="C:\WINDOWS\system32\gnmguxh.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{629340b5-8df6-4211-9245-a86563a35792}\InProcServer32]
@="C:\WINDOWS\system32\gnmguxh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Hannesb
Active Member
 
Posts: 6
Joined: July 14th, 2008, 12:50 pm

Re: I have a pop up on my start menu

Unread postby Shaba » July 17th, 2008, 10:17 am

Hi

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete... under Browsing History.
  • Next to Temporary Internet Files, click Delete files, and then click OK.
  • Next to Cookies, click Delete cookies, and then click OK.
  • Next to History, click Delete history, and then click OK.
  • Click the Close button.
  • Click OK.
[For Netscape 4.x and Up
  • Click Edit from the Netscape menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the triangle sign.
  • Click Cache.
  • Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
  • Click Edit from the Mozilla menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the plus sign.
  • Click Cache.
  • Click the Clear Cache button.
For Opera
  • Click File from the Opera menubar.
  • Click Preferences... from the File menu.
  • Click the History and Cache menu.
  • Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
  • Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
______________________________

Please post:
  1. c:\rapport.txt
  2. SUPERAntiSpyware log
  3. A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I have a pop up on my start menu- Problem solved

Unread postby Hannesb » July 17th, 2008, 12:44 pm

Thanks a lot ,my problem is solved . Excellent service guys
:cheers: ..........................................................................................
SmitFraudFix v2.329

Scan done at 17:59:54.75, 2008/07/17
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Hannesb
Active Member
 
Posts: 6
Joined: July 14th, 2008, 12:50 pm

Re: I have a pop up on my start menu

Unread postby Shaba » July 17th, 2008, 12:55 pm

Hi

Please post also superantispyware log and a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I have a pop up on my start menu

Unread postby Hannesb » July 18th, 2008, 10:04 am

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2008 at 05:50 PM

Application Version : 4.15.1000

Core Rules Database Version : 3506
Trace Rules Database Version: 1497

Scan type : Complete Scan
Total Scan Time : 01:03:43

Memory items scanned : 349
Memory threats detected : 1
Registry items scanned : 8236
Registry threats detected : 277
File items scanned : 22869
File threats detected : 226

Trojan.FakeAlert-Gen/Variant
C:\WINDOWS\SYSTEM32\GNMGUXH.DLL
C:\WINDOWS\SYSTEM32\GNMGUXH.DLL

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{629340b5-8df6-4211-9245-a86563a35792}
HKCR\CLSID\{629340B5-8DF6-4211-9245-A86563A35792}
HKCR\CLSID\{629340B5-8DF6-4211-9245-A86563A35792}\InProcServer32
HKCR\CLSID\{629340B5-8DF6-4211-9245-A86563A35792}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{629340b5-8df6-4211-9245-a86563a35792}

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Trojan.FakeAlert-IEBT
HKLM\Software\Classes\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}
HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}
HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}#ddd
HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}\InprocServer32
HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}\InprocServer32#ThreadingModel
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1023\A0287259.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1024\A0287342.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1028\A0287524.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1028\A0287535.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1029\A0287557.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1030\A0287708.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{573826E6-A113-48C2-8E6B-6B27B1C8794A}\RP1030\A0287721.DLL

Adware.Tracking Cookie
C:\Documents and Settings\HannesB\Cookies\hannesb@ads.woes.co[1].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@revsci[2].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@2o7[1].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@statse.webtrendslive[2].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@server.iad.liveperson[1].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@server.iad.liveperson[3].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@www.googleadservices[1].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@toplist[1].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@www.antispycheck[2].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@kontera[2].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@www.googleadservices[3].txt
C:\Documents and Settings\HannesB\Cookies\hannesb@www.teensexymodels[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[1].txt

Adware.180solutions/ZangoSearch
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib#Version
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib#Version
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib#Version

Adware.180solutions/Search Assistant
C:\WINDOWS\Downloaded Program Files\ClientAX.dll

Adware.Starware
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\Starware

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\Microsoft\Internet Explorer\Main#Search Page [ http://internetsearchservice.com ]
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://internetsearchservice.com ]
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://internetsearchservice.com/ie6.html ]

Trojan.Media-Codec
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\Internet Security

Adware.180solutions/Seekmo
HKCR\SeekmoToolbar.SkCommBand
HKCR\SeekmoToolbar.SkCommBand\CLSID
HKCR\SeekmoToolbar.SkCommBand\CurVer
HKCR\SeekmoToolbar.SkCommBand.1
HKCR\SeekmoToolbar.SkCommBand.1\CLSID
HKCR\SkbToolbar.SkHtmlMenuUI
HKCR\SkbToolbar.SkHtmlMenuUI\CLSID
HKCR\SkbToolbar.SkHtmlMenuUI\CurVer
HKCR\SkbToolbar.SkHtmlMenuUI.1
HKCR\SkbToolbar.SkHtmlMenuUI.1\CLSID
HKCR\SkbToolbar.SkToolbarCtl
HKCR\SkbToolbar.SkToolbarCtl\CLSID
HKCR\SkbToolbar.SkToolbarCtl\CurVer
HKCR\SkbToolbar.SkToolbarCtl.1
HKCR\SkbToolbar.SkToolbarCtl.1\CLSID
HKCR\SkCoreSrv.LfgAx
HKCR\SkCoreSrv.LfgAx\CLSID
HKCR\SkCoreSrv.LfgAx\CurVer
HKCR\SkCoreSrv.LfgAx.1
HKCR\SkCoreSrv.LfgAx.1\CLSID
HKCR\SkCoreSrv.SkCoreServices
HKCR\SkCoreSrv.SkCoreServices\CLSID
HKCR\SkCoreSrv.SkCoreServices\CurVer
HKCR\SkCoreSrv.SkCoreServices.1
HKCR\SkCoreSrv.SkCoreServices.1\CLSID
HKCR\SkSrv.SkCoreServices
HKCR\SkSrv.SkCoreServices\CLSID
HKCR\SkSrv.SkCoreServices\CurVer
HKCR\SkSrv.SkCoreServices.1
HKCR\SkSrv.SkCoreServices.1\CLSID
HKCR\SkTools.HbMain
HKCR\SkTools.HbMain\CLSID
HKCR\SkTools.HbMain\CurVer
HKCR\SkTools.HbMain.1
HKCR\SkTools.HbMain.1\CLSID
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\SeekmoToolbar
HKLM\Software\SeekmoToolbar
HKLM\Software\SeekmoToolbar\Install
HKLM\Software\SeekmoToolbar\Install#IE
HKLM\Software\SeekmoToolbar\Install#OL
HKLM\Software\SeekmoToolbar\Install#WT
HKLM\Software\SeekmoToolbar\Install#WP
HKLM\Software\SeekmoToolbar\Install#Install_Dir
HKLM\Software\SeekmoToolbar\Install\CmpMap
HKLM\Software\SeekmoToolbar\Install\CmpMap#IE
HKLM\Software\SeekmoToolbar\Install\CmpMap#OL
HKLM\Software\SeekmoToolbar\Install\CmpMap#WT
HKLM\Software\SeekmoToolbar\Install\CmpMap#WP
HKLM\Software\SeekmoToolbar\SeekmoToolbar
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#StartInstall
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#IID
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#IID_prv
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#HbHostOEPath
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#PrevVer
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#CurrentVer
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#CreateDate
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#CreateDateDW
HKLM\Software\SeekmoToolbar\SeekmoToolbar\MachineInfo
HKLM\Software\SeekmoToolbar\SeekmoToolbar\MachineInfo#CID
HKLM\Software\SeekmoToolbar\SeekmoToolbar\MachineInfo#CID_prv
HKLM\Software\SeekmoToolbar\SeekmoToolbar\PI
HKLM\Software\SeekmoToolbar\SeekmoToolbar\PI\3.2
HKLM\Software\SeekmoToolbar\SeekmoToolbar\PI\3.2#PID00
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Updates
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Updates#InstallDate
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Upgrade
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Upgrade#LastChecked
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\IESkins
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\skbar.log
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoOI\dynamic
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoOI\static
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoOI
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoOL\dynamic
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoOL\static
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoOL
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1384324.sdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\151198.sdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\2447559.sdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3852203.sdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\890068.sdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\992161.sdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\domains.txt
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\12776
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\17025
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\20553
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\222084
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\251438
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\25708
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\26664
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\27503
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\290733
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34186
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34237
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34513
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\35047
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\41215
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\42208
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\42491
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44228
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\53813
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\55725
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\61779
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\61837
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\66836
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\72123
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\744608
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\753010
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\80670
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\85062
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\93310
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\93899
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\95716
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\95798
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\99008
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ustat\355b.dat
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ustat
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\btntrans.idx
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\btntrans1.dat
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\buttondir.txt
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\components.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\default.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_categorize.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_comparison.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_favorites.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Games.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Hide.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemster.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Mails.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_MobileSW-US.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_new.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_premium.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_reun.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_weather.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_weather.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-t1-bg.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\icons2.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\keywords.idx
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\keywords1.dat
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\layout.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\linkpathlegal.txt
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\progress.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\sales_buttons.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\seekmo.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\s_icons_buttons.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\t2_bg.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\theweb.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\top7.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\tsd_bg.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\btntrans.idx
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\btntrans1.dat
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\buttondir.txt
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\components.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\default.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_categorize.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_comparison.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_favorites.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Games.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Hide.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemster.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Mails.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_MobileSW-US.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_new.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_premium.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_reun.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_weather.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_weather.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-t1-bg.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\icons2.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\keywords.idx
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\keywords1.dat
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\layout.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\linkpathlegal.txt
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\progress.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\sales_buttons.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\seekmo.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\s_icons_buttons.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\t2_bg.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\theweb.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\top7.cdf
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\tsd_bg.res
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\default.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\icons2.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\seekmo.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\top7.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar\v3.0
C:\Documents and Settings\HannesB\Application Data\SeekmoToolbar

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Zango Toolbar/Hb
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\InprocServer32
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\InprocServer32#ThreadingModel
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\ProgID
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\Programmable
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\TypeLib
HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\VersionIndependentProgID
HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}
HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\InprocServer32
HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\InprocServer32#ThreadingModel
HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\ProgID
HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\TypeLib
HKCR\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}\VersionIndependentProgID
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}#AppID
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Control
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Implemented Categories
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\InprocServer32
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\InprocServer32#ThreadingModel
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\MiscStatus
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\MiscStatus\1
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\ProgID
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Programmable
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\TypeLib
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\Version
HKCR\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}\VersionIndependentProgID
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\InprocServer32
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\InprocServer32#ThreadingModel
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\ProgID
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\Programmable
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\TypeLib
HKCR\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}\VersionIndependentProgID
HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}
HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\ProgID
HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\Programmable
HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\TypeLib
HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}\VersionIndependentProgID
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\Control
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\InprocServer32
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\InprocServer32#ThreadingModel
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\MiscStatus
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\MiscStatus\1
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\ProgID
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\Programmable
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\TypeLib
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\Version
HKCR\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}\VersionIndependentProgID
HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}
HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0
HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0\FLAGS
HKCR\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}\1.0\HELPDIR
HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}
HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0
HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0\FLAGS
HKCR\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}\1.0\HELPDIR
HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}
HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0
HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0\FLAGS
HKCR\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}\1.0\HELPDIR
HKCR\HbCoreSrv.DynamicProp
HKCR\HbCoreSrv.DynamicProp\CLSID
HKCR\HbCoreSrv.DynamicProp\CurVer
HKCR\HbCoreSrv.DynamicProp.1
HKCR\HbCoreSrv.DynamicProp.1\CLSID
HKCR\Wallpaper.WallpaperManager
HKCR\Wallpaper.WallpaperManager\CLSID
HKCR\Wallpaper.WallpaperManager\CurVer
HKCR\Wallpaper.WallpaperManager.1
HKCR\Wallpaper.WallpaperManager.1\CLSID
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32#ThreadingModel
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\FLAGS
HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\HELPDIR
HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}
HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid
HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid32
HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib
HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib#Version
HKCR\Interface\{06784C15-B640-40F8-AEE8-3C1A3C7A899C}
HKCR\Interface\{06784C15-B640-40F8-AEE8-3C1A3C7A899C}\ProxyStubClsid
HKCR\Interface\{06784C15-B640-40F8-AEE8-3C1A3C7A899C}\ProxyStubClsid32
HKCR\Interface\{06784C15-B640-40F8-AEE8-3C1A3C7A899C}\TypeLib
HKCR\Interface\{06784C15-B640-40F8-AEE8-3C1A3C7A899C}\TypeLib#Version
HKCR\Interface\{30022029-2C17-4A99-87D2-A382C674A19D}
HKCR\Interface\{30022029-2C17-4A99-87D2-A382C674A19D}\ProxyStubClsid
HKCR\Interface\{30022029-2C17-4A99-87D2-A382C674A19D}\ProxyStubClsid32
HKCR\Interface\{30022029-2C17-4A99-87D2-A382C674A19D}\TypeLib
HKCR\Interface\{30022029-2C17-4A99-87D2-A382C674A19D}\TypeLib#Version
HKCR\Interface\{3A6691EA-C844-46F2-9237-1386A85CE119}
HKCR\Interface\{3A6691EA-C844-46F2-9237-1386A85CE119}\ProxyStubClsid
HKCR\Interface\{3A6691EA-C844-46F2-9237-1386A85CE119}\ProxyStubClsid32
HKCR\Interface\{3A6691EA-C844-46F2-9237-1386A85CE119}\TypeLib
HKCR\Interface\{3A6691EA-C844-46F2-9237-1386A85CE119}\TypeLib#Version
HKCR\Interface\{3D2E7662-85FB-4CC1-875C-A624B1AA5D96}
HKCR\Interface\{3D2E7662-85FB-4CC1-875C-A624B1AA5D96}\ProxyStubClsid
HKCR\Interface\{3D2E7662-85FB-4CC1-875C-A624B1AA5D96}\ProxyStubClsid32
HKCR\Interface\{3D2E7662-85FB-4CC1-875C-A624B1AA5D96}\TypeLib
HKCR\Interface\{3D2E7662-85FB-4CC1-875C-A624B1AA5D96}\TypeLib#Version
HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}
HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}\ProxyStubClsid
HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}\ProxyStubClsid32
HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}\TypeLib
HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}\TypeLib#Version
HKCR\Interface\{736918FE-2349-4230-BA9A-1F23649E32AD}
HKCR\Interface\{736918FE-2349-4230-BA9A-1F23649E32AD}\ProxyStubClsid
HKCR\Interface\{736918FE-2349-4230-BA9A-1F23649E32AD}\ProxyStubClsid32
HKCR\Interface\{736918FE-2349-4230-BA9A-1F23649E32AD}\TypeLib
HKCR\Interface\{736918FE-2349-4230-BA9A-1F23649E32AD}\TypeLib#Version
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib
HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib#Version
HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}
HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}\ProxyStubClsid
HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}\ProxyStubClsid32
HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}\TypeLib
HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}\TypeLib#Version
HKCR\Interface\{972BC913-312C-44B7-AA91-4AE3EC2E264B}
HKCR\Interface\{972BC913-312C-44B7-AA91-4AE3EC2E264B}\ProxyStubClsid
HKCR\Interface\{972BC913-312C-44B7-AA91-4AE3EC2E264B}\ProxyStubClsid32
HKCR\Interface\{972BC913-312C-44B7-AA91-4AE3EC2E264B}\TypeLib
HKCR\Interface\{972BC913-312C-44B7-AA91-4AE3EC2E264B}\TypeLib#Version
HKCR\Interface\{A53762B6-30F7-469F-BA92-13D63CF09A93}
HKCR\Interface\{A53762B6-30F7-469F-BA92-13D63CF09A93}\ProxyStubClsid
HKCR\Interface\{A53762B6-30F7-469F-BA92-13D63CF09A93}\ProxyStubClsid32
HKCR\Interface\{A53762B6-30F7-469F-BA92-13D63CF09A93}\TypeLib
HKCR\Interface\{A53762B6-30F7-469F-BA92-13D63CF09A93}\TypeLib#Version
HKCR\Interface\{B24FF4F6-D327-4208-8840-68CCEF7D6125}
HKCR\Interface\{B24FF4F6-D327-4208-8840-68CCEF7D6125}\ProxyStubClsid
HKCR\Interface\{B24FF4F6-D327-4208-8840-68CCEF7D6125}\ProxyStubClsid32
HKCR\Interface\{B24FF4F6-D327-4208-8840-68CCEF7D6125}\TypeLib
HKCR\Interface\{B24FF4F6-D327-4208-8840-68CCEF7D6125}\TypeLib#Version
HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}
HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}\ProxyStubClsid
HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}\ProxyStubClsid32
HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}\TypeLib
HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}\TypeLib#Version
HKCR\Interface\{E4662B0A-DA6B-4408-A73B-5A2BBB2B0CC8}
HKCR\Interface\{E4662B0A-DA6B-4408-A73B-5A2BBB2B0CC8}\ProxyStubClsid
HKCR\Interface\{E4662B0A-DA6B-4408-A73B-5A2BBB2B0CC8}\ProxyStubClsid32
HKCR\Interface\{E4662B0A-DA6B-4408-A73B-5A2BBB2B0CC8}\TypeLib
HKCR\Interface\{E4662B0A-DA6B-4408-A73B-5A2BBB2B0CC8}\TypeLib#Version
HKCR\Interface\{E977DE7C-34EA-4876-B333-207C4504589E}
HKCR\Interface\{E977DE7C-34EA-4876-B333-207C4504589E}\ProxyStubClsid
HKCR\Interface\{E977DE7C-34EA-4876-B333-207C4504589E}\ProxyStubClsid32
HKCR\Interface\{E977DE7C-34EA-4876-B333-207C4504589E}\TypeLib
HKCR\Interface\{E977DE7C-34EA-4876-B333-207C4504589E}\TypeLib#Version
HKCR\Interface\{F5FC30C3-68AD-451B-8BC1-8ABD98F2C69A}
HKCR\Interface\{F5FC30C3-68AD-451B-8BC1-8ABD98F2C69A}\ProxyStubClsid
HKCR\Interface\{F5FC30C3-68AD-451B-8BC1-8ABD98F2C69A}\ProxyStubClsid32
HKCR\Interface\{F5FC30C3-68AD-451B-8BC1-8ABD98F2C69A}\TypeLib
HKCR\Interface\{F5FC30C3-68AD-451B-8BC1-8ABD98F2C69A}\TypeLib#Version

Adware.E404 Helper/Hij
HKCR\CLSID\e405.e405mgr
HKCR\CLSID\e405.e405mgr#UserId

Rogue.Advanced AntiVirus 2008
C:\WINDOWS\system32\aav.cpl
HKU\S-1-5-21-1004336348-839522115-854245398-1004\Software\AAV

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\HANNESB\FAVORITES\ANTIVIRUS SCAN.URL



............................................................................................................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:35, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\HannesB\My Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {BB717FCE-B0A7-4C47-B803-B87251EDAFAF} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TBSB09878 - {FB1F565B-6F2E-4BE1-9C7E-CB01E7413ED1} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [VTTimer] VTTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1004336348-839522115-854245398-1004 Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User '?')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk134YYZA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10778 bytes
Hannesb
Active Member
 
Posts: 6
Joined: July 14th, 2008, 12:50 pm

Re: I have a pop up on my start menu

Unread postby Shaba » July 18th, 2008, 11:41 am

Hi

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I have a pop up on my start menu

Unread postby Hannesb » July 19th, 2008, 1:38 pm

Deckard's System Scanner v20071014.68
Run by HannesB on 2008-07-19 19:32:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HannesB.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:00, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HannesB\My Documents\Deckard.exe
C:\DOCUME~1\HannesB\MYDOCU~1\HannesB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {BB717FCE-B0A7-4C47-B803-B87251EDAFAF} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TBSB09878 - {FB1F565B-6F2E-4BE1-9C7E-CB01E7413ED1} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [VTTimer] VTTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1004336348-839522115-854245398-1004 Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe (User '?')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk134YYZA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10807 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\HannesB\MYDOCU~1\backups\) ------------

backup-20080714-175723-903 O3 - Toolbar: MatrixNet Toolbar - {89C7876B-0490-4FF9-850F-F4FFB2F26CBB} - (no file)
backup-20080714-175804-420 O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
backup-20080714-175846-469 O4 - HKCU\..\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
backup-20080714-175927-761 O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
backup-20080714-181642-807 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20080714-181946-147 O4 - HKCU\..\Run: [AUTORUN_VAL] C:\Program Files\ASC 2.1\asc 2.1.exe
backup-20080714-182507-527 O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 athsgt - c:\windows\system32\drivers\athsgt.sys
3 CnxTrLan (Microcom USB Network Adapter Driver) - c:\windows\system32\drivers\cnxtrlan.sys <Not Verified; Lectron; ADSL EB1070 USB Network Adapter>
3 CnxTrUsb (Microcom USB Network Interface Device Driver) - c:\windows\system32\drivers\cnxtrusb.sys <Not Verified; Lectron; ADSL EB1070 USB Network Adapter>
2 enodpl - c:\windows\system32\drivers\enodpl.sys
3 FastNIC (SMC1233A-TX 10/100Mbps PCI NIC Driver) - c:\windows\system32\drivers\fastnic.sys <Not Verified; SMC Networks Inc.; SMC1233A-TX 10/100Mbps PCI NIC>
2 limsgt - c:\windows\system32\drivers\limsgt.sys
3 NTSIM - c:\windows\system32\ntsim.sys <Not Verified; VIA Networking, Inc.; Network Device Monitor Utility>
2 nvtvSND (nVidia WDM TVAudio Crossbar) - system32\drivers\nvtvsnd.sys (file missing)
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
3 SoC PC-Camera Service (SoC PC-Camera) - c:\windows\system32\drivers\pfc027.sys
2 tandpl - c:\windows\system32\drivers\tandpl.sys
3 VNICPKT5 (VNICPKT5 Protocol Driver) - c:\windows\system32\vnicpkt5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe
2 McTaskManager (McAfee Task Manager) - c:\program files\mcafee\virusscan enterprise\vstskmgr.exe
2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe
4 msvsmon80 (Visual Studio 2005 Remote Debugger) - c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe
2 NwSapAgent (SAP Agent) - c:\windows\system32\svchost.exe
4 SQLBrowser (SQL Server Browser) - c:\program files\microsoft sql server\90\shared\sqlbrowser.exe
4 SQLWriter (SQL Server VSS Writer) - c:\program files\microsoft sql server\90\shared\sqlwriter.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-19 14:57:46 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-08 13:34:02 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-17 17:55:26 1478367 --a----c- C:\SmitfraudFix.exe
2008-07-17 16:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-17 16:43:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-17 16:43:46 0 d-------- C:\Documents and Settings\HannesB\Application Data\SUPERAntiSpyware.com
2008-07-14 17:08:58 0 d-------- C:\Documents and Settings\HannesB\Application Data\McAfee
2008-07-14 15:58:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-14 15:55:38 0 d-------- C:\Program Files\McAfee
2008-07-14 15:55:38 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-13 13:48:47 0 d-------- C:\Documents and Settings\HannesB\Application Data\Antispyware
2008-07-13 11:56:56 0 d------c- C:\SmitfraudFix <SMITFR~1>
2008-07-13 11:44:17 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-13 11:44:17 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-13 11:44:17 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-13 11:44:17 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-13 11:44:17 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-13 11:44:17 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-13 11:44:17 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-13 11:44:17 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-13 11:44:17 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-13 11:44:17 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-13 11:44:17 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-13 11:44:17 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-13 11:44:17 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-13 11:44:17 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-13 11:22:41 3630 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 10:45:03 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-12 21:46:15 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-12 21:41:15 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-12 19:10:01 0 d-------- C:\WINDOWS\system32\750623
2008-07-11 15:27:57 54881 --a------ C:\WINDOWS\War3Unin.dat
2008-07-11 15:27:56 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-07-11 15:27:56 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-07-11 15:23:23 0 d-------- C:\Program Files\Warcraft III
2008-07-02 20:21:24 0 d-------- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-07-02 20:14:46 0 d-------- C:\Program Files\Innowera
2008-07-01 17:50:38 0 --a------ C:\Documents and Settings\HannesB\exit
2008-07-01 17:49:44 0 --a------ C:\Documents and Settings\HannesB\test
2008-07-01 16:56:34 0 d-------- C:\Program Files\Microcom
2008-07-01 16:56:25 52864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys <Not Verified; Lectron; ADSL EB1070 USB Network Adapter>
2008-07-01 16:44:15 25984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys <Not Verified; Lectron; ADSL EB1070 USB Network Adapter>
2008-06-30 14:12:52 0 d-------- C:\Program Files\Electronic Arts
2008-06-30 03:16:31 35902 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-30 03:16:24 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-30 03:16:24 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>


-- Find3M Report ---------------------------------------------------------------

2008-07-19 18:02:06 0 d-------- C:\Program Files\Diablo II
2008-07-19 14:48:22 0 d-------- C:\Documents and Settings\HannesB\Application Data\Skype
2008-07-17 18:45:57 43808 --a----c- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-07-17 18:39:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-17 16:43:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 20:27:01 0 d-------- C:\Program Files\GameSpy Arcade
2008-07-14 15:58:38 0 d-------- C:\Program Files\Network Associates
2008-07-14 15:57:05 0 d-------- C:\Program Files\Common Files\Network Associates
2008-07-14 15:55:38 0 d-------- C:\Program Files\Common Files
2008-07-12 21:46:58 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-03 21:22:52 0 d-------- C:\Program Files\Quake III Arena
2008-06-30 17:40:49 43520 --a----c- C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-30 14:32:32 669184 --a----c- C:\WINDOWS\system32\pbsvc.exe
2008-06-30 03:24:06 21840 --a----ct C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 03:24:06 17212 --a----ct C:\WINDOWS\system32\SIntf32.dll
2008-06-30 03:24:06 12067 --a----ct C:\WINDOWS\system32\SIntf16.dll
2008-06-07 10:19:42 0 d-------- C:\Program Files\CyberLink
2008-06-02 16:50:13 0 d-------- C:\Program Files\Real
2008-05-25 14:33:52 0 d-------- C:\Program Files\Mxit goed
2008-05-25 14:33:27 0 d-------- C:\Program Files\YVD
2008-05-24 10:31:56 0 d-------- C:\Program Files\Support Tools
2008-05-24 10:31:55 0 d-------- C:\Program Files\FaxTalk Communicator
2008-05-24 10:27:26 0 d-------- C:\Program Files\iolo
2008-05-21 16:01:19 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB1F565B-6F2E-4BE1-9C7E-CB01E7413ED1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [12/05/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [11/17/2006 03:06]
"CnxTrApp"="C:\Program Files\Microcom\Microcom USB Network\CnxTrApp.dll" [08/07/2004 02:09]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/04/2008 22:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00]
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 15:42 C:\WINDOWS\SOUNDMAN.EXE]
"S3Trayp"="S3trayp.exe" [06/11/2007 05:15 C:\WINDOWS\system32\S3Trayp.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/10/2006 20:31]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 15:40]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/31/2006 15:54]
"VTTimer"="VTTimer.exe" [09/21/2006 10:36 C:\WINDOWS\system32\VTTimer.exe]
"System Mechanic Popup Stopper"="C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe" [06/14/2004 07:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/24/2007 10:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/29/2007 15:36]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [04/21/2004 10:26]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/15/2006 13:27]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" []
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [06/29/2007 11:51]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f2b6150-ed6a-11db-b812-df5e3370595d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c15558-a981-11dc-8797-001bb9bfedaa}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe




-- End of Deckard's System Scanner: finished at 2008-07-19 19:36:14 ------------

............................................................................................................

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1022.17 MiB / 398.91 MiB
Pagefile Memory (total/avail): 3925.2 MiB / 3430.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 7.8 GiB free.
D: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HannesB\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMELG
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HannesB
LOGONSERVER=\\HOMELG
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Support Tools\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HannesB\LOCALS~1\Temp
TMP=C:\DOCUME~1\HannesB\LOCALS~1\Temp
USERDOMAIN=HOMELG
USERNAME=HannesB
USERPROFILE=C:\Documents and Settings\HannesB
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HannesB (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced WindowsCare 2.55 Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Anfy --> C:\PROGRA~1\AnfyTeam\UNWISE.EXE C:\PROGRA~1\AnfyTeam\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
C# Express Introduction --> MsiExec.exe /I{2C942EF1-EF7C-4386-87E9-64B4BF9497B4}
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Code Rules - Learn Visual Basic .NET --> MsiExec.exe /I{2FC748B6-0F5F-4AAA-90F5-49CA210F38BF}
CrazyTalk for Skype --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\Setup.exe" -l0x9 /uninstall
Csharp for Sharp Kids --> MsiExec.exe /I{1480D92F-27FA-4C2B-8617-D37F148BCFD1}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digimax 301 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63C02196-D8B3-11D7-ABE1-0080C8274868}\Setup.exe" -l0x9
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
FaxTalk Communicator 4.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FaxTalk Communicator\Uninst.isu"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) --> C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) --> C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\HannesB\My Documents\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
iolo technologies' System Mechanic 4 --> C:\PROGRA~1\iolo\SYSTEM~1\UNWISE.EXE C:\PROGRA~1\iolo\SYSTEM~1\INSTALL.LOG
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
MatrixNet Toolbar --> regsvr32 /u /s "C:\Program Files\Internet Connection Manager\MatrixNet Toolbar\matrixnet_toolbar.dll"
McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Metal Fatigue Uninstall --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Psygnosis\Metal Fatigue\Uninst.isu" -c"C:\Program Files\Psygnosis\Metal Fatigue\uninst.dll
Microcom USB Network Adapter --> "C:\Program Files\Microcom\Microcom USB Network\SETUP.EXE" -U -IVID_0572&PID_CB01
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
Microsoft Visual C# 2005 Step by Step --> MsiExec.exe /I{AA606E48-BAEB-4B80-AEBA-64B286439309}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU\setup.exe
Microsoft Visual Studio 2005 Tools for Office Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
mpowerplayer --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://content.mplayit.com/client/player.jarjnlp"
MSDN Library - Visual Studio 6.0a --> "C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1033\Setup\Setup.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Musicnotes Player V1.23.0 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
Office Animation Runtime --> MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
PCDJ FX VRM --> C:\PROGRA~1\Emission\PCDJFX~1\UNWISE.EXE C:\PROGRA~1\Emission\PCDJFX~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Process Runner --> MsiExec.exe /I{5A2278D8-0A87-48AA-8516-FD9FBCFAE7DE}
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB925674) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} /package {1B041548-33BC-4174-8B97-ADC9B7948488}
Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB937060) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {1B041548-33BC-4174-8B97-ADC9B7948488}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Soldier of Fortune Payback --> MsiExec.exe /X{11BFB898-71E5-488A-A8FF-0E462667FB72}
StarCraft - Broodwar --> C:\WINDOWS\iun503.exe C:\Program Files\StarCraft\irunin.ini
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VB for Very Bright Kids --> MsiExec.exe /I{0857C005-7417-46A0-B203-BE3A3A4B3B99}
VeZA Route planner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4629A146-D32D-4B4A-AC86-9E6BA07CC63C}\setup.exe" -l0x9
VEZA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A750C3A0-7828-11D4-9104-00C04F0F0120}\Setup.exe"
VIA Display Driver 6.14.10.0099 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WebDialogs Unyte --> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\40E74BFD69174D7FB489C85D9E586824\uninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yugioh Virtual Desktop --> C:\WINDOWS\unvise32.exe C:\Program Files\YVD\uninstal.log


-- Application Event Log -------------------------------------------------------

Event Record #/Type31379 / Warning
Event Submitted/Written: 07/19/2008 07:00:43 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type31378 / Warning
Event Submitted/Written: 07/19/2008 07:00:43 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type31377 / Warning
Event Submitted/Written: 07/19/2008 07:00:43 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type31376 / Warning
Event Submitted/Written: 07/19/2008 07:00:43 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Event Record #/Type31371 / Warning
Event Submitted/Written: 07/19/2008 02:48:25 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35834 / Error
Event Submitted/Written: 07/19/2008 07:36:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type35833 / Error
Event Submitted/Written: 07/19/2008 07:35:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type35832 / Error
Event Submitted/Written: 07/19/2008 07:35:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type35831 / Error
Event Submitted/Written: 07/19/2008 07:35:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type35830 / Error
Event Submitted/Written: 07/19/2008 07:35:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}



-- End of Deckard's System Scanner: finished at 2008-07-19 19:36:14 ------------
Hannesb
Active Member
 
Posts: 6
Joined: July 14th, 2008, 12:50 pm

Re: I have a pop up on my start menu

Unread postby Shaba » July 19th, 2008, 1:55 pm

Hi

Open HijackThis, click do a system scan only and checkmark these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BB717FCE-B0A7-4C47-B803-B87251EDAFAF} - (no file)
O2 - BHO: TBSB09878 - {FB1F565B-6F2E-4BE1-9C7E-CB01E7413ED1} - (no file)
O4 - HKCU\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKUS\S-1-5-21-1004336348-839522115-854245398-1004\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w (User '?')


Close all windows including browser and press fix checked.

Reboot.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I have a pop up on my start menu

Unread postby Shaba » July 24th, 2008, 3:17 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware