ADW Ruledor.c\loader.exe virus help
Original Message
Name: hippychick91
Date: December 1, 2003 at 01:13:26 Pacific
Subject: ADW Ruledor.c\loader.exe virus help
OS: Windows XP Professional
CPU/Ram: Pentium

Comment: Can anyone help me? I've removed this virus once but it's back. I have run HijackThis; results are below. Many thanks.

Logfile of HijackThis v1.97.7
Scan saved at 01:13:47, on 01/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ystck32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Borehill Family\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.8.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64A - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B7 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B76 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-5 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-56 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562C - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D033 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0331 - (no file)
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6- - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005004 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050048 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BD - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BDB - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\ystck32.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\Comets~1\DM\bin\DMServer.exe /onreboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.2221064815
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw11fd.law11.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST2222.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{396CB74B-4DFD-4F9D-91F8-183A28EED50C}: NameServer = 192.168.8.1
Response Number 1
Name: tamtam
Date: December 1, 2003 at 04:56:23 Pacific
Reply: You have Gator. Download, update and run Spybot S&D and Ad-Aware 6.181:
http://www.safer-networking.org/index.php?lang=en&page=download
http://majorgeeks.com/download.php?det=506
In Spybot you should erase all the red entries. If you fill in Gator in this board's search engine ("try the site search") you will also find how to end tasks via Task Manager. Post a new log. Good luck.
Response Number 2
Name: Abnormal
Date: December 1, 2003 at 11:02:38 Pacific
Reply: Things to do before you remove them again! Get your Windows critical updates!!!

Hijack prevention tips: http://www.dslreports.com/forum/remark,8653695~mode=flat

Name: Tom41
Date: December 01, 2003 at 01:18:18 Pacific
Subject: ADW Ruledor.c\loader.exe virus

Reply: Run HijackThis again and place a check in the box next to the following items. Double-check so as to be sure not to miss one. Next, close all browser windows, and have HT 'fix checked'. You must restart your computer when you're done.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.8.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64A - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B7 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B76 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-5 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-56 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562C - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D033 - (no file)
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D0331 - (no file)
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333- - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-C - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6- - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-005004 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-0050048 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487 - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487B - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BD - (no file)
O2 - BHO: (no name) - {D14D6793-9B65-11D3-80B6-00500487BDB - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\ystck32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19113/payload2.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST2222.cab

After restarting delete the following:
C:\WINDOWS\ystck32.exe
C:\Program Files\Common files\updater folder.
C:\Program Files\Common Files\CMEII folder.
C:\Program Files\Common Files\GMT folder.
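
An added example, not part of any post in this thread and not HijackThis's own logic: it splits a flattened HijackThis log back into entries and sorts the O2 (BHO) lines into keys with a malformed CLSID, well-formed keys with no file, and keys with a file on disk. The sample is an excerpt of the log posted above; the function names and the three status labels are assumptions of this example.

```python
import re
from collections import Counter

# A well-formed CLSID is {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Every entry starts with a section code such as "R0 - ", "O2 - " or "O16 - ".
ENTRY_SPLIT_RE = re.compile(r"\s+(?=(?:R[0-3]|O\d{1,2}) - )")
BHO_RE = re.compile(r"O2 - BHO: (?P<name>.*?) - (?P<clsid>\{\S*) - (?P<target>.+)")

# Excerpt of the log posted in this thread, flattened and wrapped as on the page.
SAMPLE = r"""R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64A - (no file) O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file) O2 - BHO: (no name) -
{AA58ED58-01DD-4d91-8333-CF10577473F - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\ystck32.exe
"""


def split_entries(flat_log):
    """Undo the flattening: collapse whitespace, then cut before each section code."""
    return ENTRY_SPLIT_RE.split(" ".join(flat_log.split()))


def classify_bho(entry):
    """Return (status, clsid_token, target) for an O2 entry, None for other sections."""
    m = BHO_RE.fullmatch(entry)
    if not m:
        return None
    clsid, target = m["clsid"], m["target"]
    if not CLSID_RE.fullmatch(clsid):
        status = "malformed-clsid"      # truncated key name, cannot be a real CLSID
    elif target == "(no file)":
        status = "orphaned"             # valid key, but nothing is registered behind it
    else:
        status = "file-present"         # valid key pointing at a DLL to be reviewed
    return status, clsid, target


def review(flat_log):
    """Count O2 statuses and map each malformed key to the full CLSIDs it is a prefix of."""
    rows = [r for r in map(classify_bho, split_entries(flat_log)) if r]
    full = [c for s, c, _ in rows if s != "malformed-clsid"]
    prefixes = {c: [f for f in full if f.lower().startswith(c.lower())]
                for s, c, _ in rows if s == "malformed-clsid"}
    return Counter(s for s, _, _ in rows), prefixes


if __name__ == "__main__":
    counts, prefixes = review(SAMPLE)
    print(dict(counts))
    for fragment, matches in prefixes.items():
        print(fragment, "is a prefix of", matches)
```

In this excerpt one truncated key is a prefix of the CLSID registered to googletoolbar1.dll, so a malformed key and the installed component it resembles are separate entries and are reviewed separately.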