Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Medload problem, "upps" pop up as error

Status
Not open for further replies.
38dean

38dean

Technical User
Dec 18, 2003
14
US
Removed Medload. Now unable to connect to the internet. Error pop's up stating "upps". We are also receiving an error stating "msgr 32" and "ccapp" (Norton).

Did I not remove all the required registry data when removing "Medload"?

Thanks,

Dean
 
Sort by date Sort by votes
You may have to run Winsock fix:


Also go to run msconfig and check to see if this stuff is still in your startup and uncheck it if it is.

Finally do the following:

Try Webroot spysweeper to make sure you are clean.

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Hope that helps,

Erik
 
Upvote 0 Downvote
Erik,

Thank you for your recommendations. I have been having the hardest time getting my computer to boot up. My computer starts Windows 98, but gets hung up and will not let me run any programs. When I hit "alt, ctrl, delete" I find the following: "upps" listed seven or eight times, along with the MSGR 32 not responding, CCAPP not responding and multiple entries of "eee2e:. I tried to shut the upps and eee2e but to no avail. We also get a "duf" pop up stating the page cannot be viewed? All this started with Medload and a Winfix pop up a while back. Since I tried to remove Medload fromt the Registry, now all this other junk is going on. I purchased a program, Registry Repair Pro yesterday, ran it, it said it fixed 810 registry errors, but it did not fix the errors stated above.

Thanks for your help.

Dean
 
Upvote 0 Downvote
Erik,

Please see below scan I performed using Hijackthis. I see where the EEE2.exe is occuring frequently. Not sure what it is? One other item to note, we can access the internet now, but our Outlook states "The connection to the server has failed. Account: 'pop-server.cinci.rr.com', Server: 'pop-server.cinci.rr.com', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E"
As I mentioned above we received the following errors when you hit alt, ctrl, delete. "upps" listed seven or eight times, along with the MSGR 32 not responding, CCAPP not responding and multiple entries of "eee2e:

Thank you again for your help.

Dean


Logfile of HijackThis v1.99.1
Scan saved at 5:14:24 PM, on 3/6/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\RESCHANGER XP\RESCHANGERXP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\MKNEYMTEH.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BCNWNS\ITRA.EXE
C:\WINDOWS\MM15201518.STUB.EXE
C:\WINDOWS\SYSTEM\DWDSREGT.EXE
C:\WINDOWS\EEE2.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\INSTALL.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;localhost
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {76230BAC-B0D8-99A2-CF1A-12A65CCEA198} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: posHelp Class - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\TOOLBAR.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -off
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] C:\WINDOWS\SYSTEM\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [scfiybqgw] C:\WINDOWS\mkneymteh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Bautkjt] C:\PROGRAM FILES\BCNWNS\ITRA.EXE
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\MM15201518.STUB.EXE
O4 - HKLM\..\Run: [{5B-B8-85-51-ZN}] C:\WINDOWS\SYSTEM\DWDSREGT.EXE IMG001
O4 - HKLM\..\Run: [0.69] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.15] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.56] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.41] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.47] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.02] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.20] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.48] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.82] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.31] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.86] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.66] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.83] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.37] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.05] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.23] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.62] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.92] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.19] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.76] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.14] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.52] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.64] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.59] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.60] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.50] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.37] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.92] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.42] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.63] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.79] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.91] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.55] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.73] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.68] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.39] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.71] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.34] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.07] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.53] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.39] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.88] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.65] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.25] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.73] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.16] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.17] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.46] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.84] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.38] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.64] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.52] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.46] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.91] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.74] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.58] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.70] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.12] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.01] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.24] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.54] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.68] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.64] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.19] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.63] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.55] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.07] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.05] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.11] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.06] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.85] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.83] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.68] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.42] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.53] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.58] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.83] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.01] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.38] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.92] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.41] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.71] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.84] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.01] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.41] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.64] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.06] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.14] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.60] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.55] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.84] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.65] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.11] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.05] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.52] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.38] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.24] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.59] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.76] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.56] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.50] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.00] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.73] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.02] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.82] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.25] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.66] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.42] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.02] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.12] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.62] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.63] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.07] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.31] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.71] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.79] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.12] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.38] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.25] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.52] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.73] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.16] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.70] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.65] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.41] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.20] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.11] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.88] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.63] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.02] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.59] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.84] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.85] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.38] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [0.00] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.16] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.23] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.83] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.47] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.39] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.62] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.82] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.07] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.37] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.56] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.06] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.01] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.50] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.19] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.26] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.68] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.68] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.66] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.05] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.59] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.58] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.82] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.46] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.46] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.63] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.54] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.48] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.07] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.14] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.50] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.16] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.66] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.52] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.58] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.37] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.14] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.55] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.24] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.86] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.62] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.85] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.92] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [6.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.83] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.56] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.39] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.69] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.00] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.81] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.70] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.48] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.12] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.12] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.62] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.02] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.73] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.50] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.54] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.58] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.23] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.23] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.25] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.47] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.91] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.34] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.34] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.16] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.53] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.34] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.37] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.19] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.76] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.25] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.34] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.69] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.82] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.54] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.60] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.38] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.01] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.15] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.06] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.02] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.64] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.11] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.65] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.66] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.50] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.47] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.06] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.16] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.87] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.19] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.71] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [AdBlocker] C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
O4 - HKLM\..\Run: [6.11] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.48] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.90] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.17] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.13] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.27] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.23] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.24] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.18] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.46] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.60] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.20] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.79] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.65] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.01] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.74] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.31] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.94] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.41] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.76] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.56] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.22] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.88] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.39] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.21] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.07] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.28] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.78] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.59] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.51] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.70] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.47] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.95] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.37] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.82] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.31] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.86] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.72] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.43] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.69] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.29] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.05] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.97] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.92] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.57] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.61] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.25] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.64] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.54] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.24] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.35] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.17] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.80] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.98] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.99] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.77] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.52] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.85] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.15] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.19] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.20] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.00] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.71] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.17] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.03] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.40] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.79] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.86] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.10] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.66] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [3.71] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.36] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.92] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.15] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.49] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.89] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.67] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.04] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.15] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [4.84] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.96] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.33] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.39] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.93] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.75] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.45] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.30] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [8.08] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [5.24] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [2.09] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [7.63] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.14] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.32] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.56] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [1.79] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [9.44] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\Run: [6.55] C:\WINDOWS\EEE2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] C:\WINDOWS\SYSTEM\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\ZIIMG001.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O12 - Plugin for .rpm: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppl3260.dll
O12 - Plugin for .ica: C:\PROGRA~1\INTERN~1\PLUGINS\NPICAN.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -
 
Upvote 0 Downvote
Download the pocket killbox




Download DelDomains.inf from here:


Rightclick DelDomains.inf and choose install.



go to add/remove and uninstall INTERNET OPTIMIZER and AWS , look for their folders in C:\program files and delete them.



Please download WebRoot SpySweeper from HERE (It's a 2 week trial):



* Click the Free Trial link under "Downloads/SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.




download cleanup




* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* Run cleanup



have hijack this fix these entries. close all browsers and programmes before
clicking FIX.


Also fix all those 04s with eee4.exe


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {76230BAC-B0D8-99A2-CF1A-12A65CCEA198} - (no file)
O2 - BHO: (no name) - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: posHelp Class - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\TOOLBAR.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] C:\WINDOWS\SYSTEM\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [scfiybqgw] C:\WINDOWS\mkneymteh.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Bautkjt] C:\PROGRAM FILES\BCNWNS\ITRA.EXE
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\MM15201518.STUB.EXE
O4 - HKLM\..\Run: [{5B-B8-85-51-ZN}]
O4 - Startup: Z_Start.lnk = C:\WINDOWS\ZIIMG001.exe
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O9 - Extra button: WeatherBug -

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -


Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.



C:\PROGRA~1\ADVANC~1\TOOLBAR.DLL
C:\WINDOWS\NEM220.DLL
C:\WINDOWS\WSEM303.DLL
C:\WINDOWS\mkneymteh.exe
c:\installer\id53.exe
C:\PROGRAM FILES\BCNWNS\ITRA.EXE
C:\PROGRAM FILES\BCNWNS
C:\WINDOWS\MM15201518.STUB.EXE
C:\WINDOWS\ZIIMG001.exe
C:\WINDOWS\SYSTEM\DWDSREGT.EXE
C:\WINDOWS\EEE2.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer




Run ActiveScan online virus scan here


When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



post another hijack this log, the spysweeper and active scan logs




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Pechenegs,

What does the EEE2.exe do?

What does changing the EEE2.exe to EEE4.exe do?

Just wondering since the EEE2.exe was shown over 500 times in my hijackthis log.

Thanks,

Dean
 
Upvote 0 Downvote
I think that was a typo. Get rid of off these :

O4 - HKLM\..\Run: C:\WINDOWS\EEE2.exe

And, the other stuff indicated.

Hope that helps,

Erik
 
Upvote 0 Downvote
Erik,

I ran into some problem with WebRoot SpySweeper last night. The program seemed to work o.k. It took 6 hours and 13 minutes to process the scan! The scan found quite a few errors. This morning I hit the "Next" key and waited for 30 minutes until the "hourglass" went away. Unfortunately I then received an error on my computer stating I was low on resourses and then the computer crashed.

Is the order in which the above instructions to clean my computer essential to doing he "fix"?

I downloaded so far:
"killbox" but have not ran it yet.
"DelDomains.inf ", I did click install. Not sure anything happened?
I was not sure if I was to go in my "Control Panel" and use the add/remove software or if "DelDomains.inf" would be the area I did the following? - ""go to add/remove and uninstall INTERNET OPTIMIZER and AWS , look for their folders in C:\program files and delete them

Thanks again for your expertise and willingness to help.

Dean

 
Upvote 0 Downvote
get rid of those files using hijack this and the killbox and that should free you up to run the scans !

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Below is my latest scan for HijackThis.


Logfile of HijackThis v1.99.1
Scan saved at 9:40:52 PM, on 3/8/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\RESCHANGER XP\RESCHANGERXP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\INSTALL.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;localhost
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -off
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AdBlocker] C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ToolbarInstall] C:\WINDOWS\876029.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] C:\WINDOWS\SYSTEM\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .rpm: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppl3260.dll
O12 - Plugin for .ica: C:\PROGRA~1\INTERN~1\PLUGINS\NPICAN.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
 
Upvote 0 Downvote
Results from SpySweeper and HiJackThis.

From SpySweeper

10:03 PM: | Start of Session, Wednesday, March 08, 2006 |
10:03 PM: Spy Sweeper started
10:03 PM: Sweep initiated using definitions version 556
10:03 PM: Starting Memory Sweep
10:04 PM: Found Adware: webhancer
10:04 PM: Detected running threat: C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL (ID = 83837)
10:16 PM: Found Adware: internetoptimizer
10:16 PM: Detected running threat: C:\Program Files\Internet Optimizer\install.exe (ID = 64033)
10:16 PM: Detected running threat: C:\Program Files\Internet Optimizer\actalert.exe (ID = 64016)
10:20 PM: Detected running threat: C:\Program Files\webHancer\Programs\whAgent.exe (ID = 83817)
10:20 PM: Detected running threat: C:\WINDOWS\webhdll.dll (ID = 83813)
10:25 PM: Memory Sweep Complete, Elapsed Time: 00:21:59
10:25 PM: Starting Registry Sweep
10:28 PM: Found Adware: begin2search
10:28 PM: HKCR\interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}\ (8 subtraces) (ID = 104125)
10:28 PM: HKCR\interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}\ (8 subtraces) (ID = 104129)
10:28 PM: HKCR\interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}\ (8 subtraces) (ID = 104130)
10:28 PM: HKCR\interface\{b12508ad-ca55-4238-8db3-55808ba6915a}\ (8 subtraces) (ID = 104132)
10:28 PM: HKCR\interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}\ (8 subtraces) (ID = 104134)
10:28 PM: HKCR\interface\{f912c325-5b26-4ad6-bf39-84370833e972}\ (8 subtraces) (ID = 104140)
10:28 PM: HKLM\software\classes\interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}\ (8 subtraces) (ID = 104175)
10:28 PM: HKLM\software\classes\interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}\ (8 subtraces) (ID = 104179)
10:28 PM: HKLM\software\classes\interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}\ (8 subtraces) (ID = 104180)
10:28 PM: HKLM\software\classes\interface\{b12508ad-ca55-4238-8db3-55808ba6915a}\ (8 subtraces) (ID = 104182)
10:28 PM: HKLM\software\classes\interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}\ (8 subtraces) (ID = 104184)
10:28 PM: HKLM\software\classes\interface\{f912c325-5b26-4ad6-bf39-84370833e972}\ (8 subtraces) (ID = 104190)
10:28 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {52fe5233-367c-4efb-bdd7-0be4d212c107} (ID = 104209)
10:29 PM: Found Adware: blazefind
10:29 PM: HKLM\software\microsoft\windows\currentversion\uninstall\preview adservice\ (1 subtraces) (ID = 104549)
10:29 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 3.0\ (4 subtraces) (ID = 104553)
10:29 PM: HKLM\software\preview adservice\ (3 subtraces) (ID = 104556)
10:51 PM: Found Adware: delfin
10:51 PM: HKLM\software\dvx\ (2 subtraces) (ID = 124854)
10:52 PM: Found Adware: downloadware
10:52 PM: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (2 subtraces) (ID = 125363)
10:53 PM: Found Adware: findwhatevernow toolbar
10:53 PM: HKCR\clsid\{3d0bdab3-12f4-471c-8966-e35a2c6c7de7}\ (13 subtraces) (ID = 126458)
10:53 PM: HKCR\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126459)
10:53 PM: HKCR\fwn.fwntoolbar\ (3 subtraces) (ID = 126462)
10:53 PM: HKCR\fwn.isubclass\ (3 subtraces) (ID = 126463)
10:53 PM: HKCR\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126464)
10:53 PM: HKLM\software\classes\clsid\{3d0bdab3-12f4-471c-8966-e35a2c6c7de7}\ (13 subtraces) (ID = 126468)
10:53 PM: HKLM\software\classes\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126469)
10:53 PM: HKLM\software\classes\fwn.fwntoolbar\ (3 subtraces) (ID = 126472)
10:53 PM: HKLM\software\classes\fwn.isubclass\ (3 subtraces) (ID = 126473)
10:53 PM: HKLM\software\classes\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126474)
10:53 PM: HKLM\software\classes\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126477)
10:53 PM: HKCR\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126486)
10:56 PM: HKU\.default\software\avenue media\ (ID = 128878)
10:56 PM: HKU\.default\software\policies\avenue media\ (ID = 128879)
10:56 PM: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885)
10:56 PM: HKLM\software\avenue media\ (59 subtraces) (ID = 128888)
10:56 PM: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896)
10:56 PM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
10:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 128916)
10:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer\ (3 subtraces) (ID = 128921)
10:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer active alert\ (3 subtraces) (ID = 128922)
10:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer software installer\ (3 subtraces) (ID = 128923)
10:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924)
10:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
10:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wsem update\ (2 subtraces) (ID = 128927)
10:56 PM: HKLM\software\policies\avenue media\ (ID = 128929)
10:59 PM: Found Adware: mirar webband
10:59 PM: HKLM\software\microsoft\windows\currentversion\run\ || toolbarinstall (ID = 135113)
10:59 PM: HKLM\software\relatedpageinstall\ (5 subtraces) (ID = 135120)
10:59 PM: Found Adware: moneytree
10:59 PM: HKCR\clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}\ (11 subtraces) (ID = 135171)
10:59 PM: HKCR\dyfuca_bh.bhobj.1\ (3 subtraces) (ID = 135175)
10:59 PM: HKCR\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135176)
10:59 PM: HKCR\dyfuca_bh.sinkobj.1\ (3 subtraces) (ID = 135177)
10:59 PM: HKCR\dyfuca_bh.sinkobj\ (5 subtraces) (ID = 135178)
10:59 PM: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185)
10:59 PM: HKLM\software\classes\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135194)
10:59 PM: HKLM\software\classes\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\ (9 subtraces) (ID = 135201)
10:59 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dyfuca\ (ID = 135214)
10:59 PM: HKCR\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\ (9 subtraces) (ID = 135216)
10:59 PM: HKCR\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\ (9 subtraces) (ID = 135217)
10:59 PM: Found Adware: 180search assistant/zango
10:59 PM: HKLM\software\saap\ (8 subtraces) (ID = 135785)
10:59 PM: Found Adware: networkessentials
10:59 PM: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136074)
10:59 PM: HKCR\mp.mediapops.1\ (3 subtraces) (ID = 136079)
10:59 PM: HKCR\mp.mediapops\ (5 subtraces) (ID = 136080)
10:59 PM: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136147)
10:59 PM: HKLM\software\classes\mp.mediapops\ (5 subtraces) (ID = 136152)
10:59 PM: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136154)
10:59 PM: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136181)
11:00 PM: Found Adware: media-motor
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media-motor\ (2 subtraces) (ID = 140208)
11:00 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
11:00 PM: Found Adware: safesurf
11:00 PM: HKLM\software\microsoft\windows\currentversion\ || np (ID = 140392)
11:00 PM: Found Adware: scbar
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\batch assistant\ (2 subtraces) (ID = 140508)
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\data compiler\ (2 subtraces) (ID = 140509)
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\indexing function\ (2 subtraces) (ID = 140510)
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sbm os\ (2 subtraces) (ID = 140511)
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\search os\ (2 subtraces) (ID = 140512)
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tp http\ (2 subtraces) (ID = 140514)
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\url.ie app\ (2 subtraces) (ID = 140515)
11:00 PM: Found Adware: squire webhelper
11:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sqwire\ (2 subtraces) (ID = 142190)
11:01 PM: Found Adware: tvmedia
11:01 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145311)
11:01 PM: HKCR\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}\ (9 subtraces) (ID = 146268)
11:01 PM: HKCR\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}\ (8 subtraces) (ID = 146269)
11:01 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}\ (ID = 146270)
11:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || webhancer agent (ID = 146272)
11:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || webhancer survey companion (ID = 146273)
11:01 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webhancer agent\ (3 subtraces) (ID = 146274)
11:01 PM: HKLM\software\microsoft\windows\currentversion\uninstall\whsurvey\ (3 subtraces) (ID = 146275)
11:01 PM: HKLM\software\webhancer\ (6 subtraces) (ID = 146278)
11:01 PM: HKCR\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}\ (9 subtraces) (ID = 146279)
11:01 PM: HKCR\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 146280)
11:01 PM: HKCR\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 146281)
11:01 PM: Found Adware: webrebates
11:01 PM: HKCR\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146292)
11:01 PM: HKCR\imgconv.clsimgconv\ (3 subtraces) (ID = 146293)
11:01 PM: HKLM\software\classes\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146294)
11:01 PM: HKLM\software\classes\imgconv.clsimgconv\ (3 subtraces) (ID = 146295)
11:01 PM: HKLM\software\classes\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146296)
11:01 PM: HKCR\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146304)
11:01 PM: Found Adware: wildmedia
11:01 PM: HKLM\software\wildmedia\ (2 subtraces) (ID = 146962)
11:01 PM: Found Adware: winad
11:01 PM: HKCR\prevadx.installer\ (3 subtraces) (ID = 147161)
11:01 PM: HKLM\software\classes\prevadx.installer\ (3 subtraces) (ID = 147175)
11:01 PM: HKCR\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}\ (8 subtraces) (ID = 169495)
11:01 PM: HKLM\software\classes\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}\ (8 subtraces) (ID = 169496)
11:01 PM: HKLM\software\avenue media\internet optimizer\ (58 subtraces) (ID = 394594)
11:02 PM: Found Trojan Horse: 2nd-thought
11:02 PM: HKU\.DEFAULT\software\2nd\ (2 subtraces) (ID = 101987)
11:02 PM: Found Adware: hotbar
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
11:02 PM: HKU\.DEFAULT\software\avenue media\ (ID = 128887)
11:02 PM: HKU\.DEFAULT\software\policies\avenue media\ (ID = 128928)
11:02 PM: HKU\.DEFAULT\software\saap\ (3 subtraces) (ID = 135784)
11:02 PM: HKU\.DEFAULT\software\support software\ (11 subtraces) (ID = 136177)
11:02 PM: Found Adware: sidesearch
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
11:02 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
11:02 PM: Registry Sweep Complete, Elapsed Time:00:36:46
11:02 PM: Starting Cookie Sweep
11:02 PM: Found Spy Cookie: 2o7.net cookie
11:02 PM: mac@cnn.122.2o7[1].txt (ID = 1958)
11:02 PM: Found Spy Cookie: rn11 cookie
11:02 PM: mac@rn11[2].txt (ID = 3261)
11:02 PM: Found Spy Cookie: videodome cookie
11:02 PM: mac@videodome[1].txt (ID = 3638)
11:02 PM: Found Spy Cookie: belnk cookie
11:02 PM: mac@ath.belnk[2].txt (ID = 2293)
11:02 PM: Found Spy Cookie: touchclarity cookie
11:02 PM: mac@partypoker.touchclarity[1].txt (ID = 3567)
11:02 PM: Found Spy Cookie: atwola cookie
11:02 PM: mac@atwola[1].txt (ID = 2255)
11:03 PM: Found Spy Cookie: mygeek cookie
11:03 PM: mac@mygeek[2].txt (ID = 3041)
11:03 PM: Found Spy Cookie: pointroll cookie
11:03 PM: mac@ads.pointroll[1].txt (ID = 3148)
11:03 PM: Found Spy Cookie: ugl.adtrak cookie
11:03 PM: mac@ugl.adtrak[1].txt (ID = 3606)
11:03 PM: Found Spy Cookie: hbmediapro cookie
11:03 PM: mac@adopt.hbmediapro[2].txt (ID = 2768)
11:03 PM: Found Spy Cookie: nextag cookie
11:03 PM: mac@nextag[2].txt (ID = 5014)
11:03 PM: Found Spy Cookie: rednova cookie
11:03 PM: mac@rednova[2].txt (ID = 3245)
11:03 PM: Found Spy Cookie: specificclick.com cookie
11:03 PM: mac@adopt.specificclick[2].txt (ID = 3400)
11:03 PM: Found Spy Cookie: exitexchange cookie
11:03 PM: mac@exitexchange[1].txt (ID = 2633)
11:03 PM: Found Spy Cookie: go.com cookie
11:03 PM: mac@rsi.abc.go[1].txt (ID = 2729)
11:03 PM: Found Spy Cookie: adknowledge cookie
11:03 PM: mac@adknowledge[2].txt (ID = 2072)
11:03 PM: mac@www.rednova[2].txt (ID = 3246)
11:03 PM: Found Spy Cookie: serving-sys cookie
11:03 PM: mac@serving-sys[2].txt (ID = 3343)
11:03 PM: mac@belnk[1].txt (ID = 2292)
11:03 PM: Found Spy Cookie: yieldmanager cookie
11:03 PM: mac@yieldmanager[2].txt (ID = 3749)
11:03 PM: mac@go[1].txt (ID = 2728)
11:03 PM: Found Spy Cookie: partypoker cookie
11:03 PM: mac@partypoker[2].txt (ID = 3111)
11:03 PM: Found Spy Cookie: overture cookie
11:03 PM: mac@perf.overture[1].txt (ID = 3106)
11:03 PM: Found Spy Cookie: reliablestats cookie
11:03 PM: mac@stats1.reliablestats[2].txt (ID = 3254)
11:03 PM: mac@disneyonice.disney.go[1].txt (ID = 2729)
11:03 PM: Found Spy Cookie: clickandtrack cookie
11:03 PM: mac@hits.clickandtrack[1].txt (ID = 2397)
11:03 PM: mac@2o7[2].txt (ID = 1957)
11:03 PM: mac@msnportal.112.2o7[2].txt (ID = 1958)
11:03 PM: Found Spy Cookie: burstnet cookie
11:03 PM: mac@burstnet[2].txt (ID = 2336)
11:03 PM: Found Spy Cookie: burstbeacon cookie
11:03 PM: mac@www.burstbeacon[1].txt (ID = 2335)
11:03 PM: Found Spy Cookie: coolsavings cookie
11:03 PM: mac@coolsavings[1].txt (ID = 2465)
11:03 PM: Found Spy Cookie: enhance cookie
11:03 PM: mac@c.enhance[2].txt (ID = 2614)
11:03 PM: Found Spy Cookie: one-time-offer cookie
11:03 PM: mac@one-time-offer[2].txt (ID = 3095)
11:03 PM: Found Spy Cookie: metareward.com cookie
11:03 PM: mac@metareward[1].txt (ID = 2990)
11:03 PM: mac@dist.belnk[2].txt (ID = 2293)
11:03 PM: mac@sav.coolsavings[1].txt (ID = 2466)
11:03 PM: mac@disney.videos.go[1].txt (ID = 2729)
11:03 PM: Found Spy Cookie: apmebf cookie
11:03 PM: mac@apmebf[2].txt (ID = 2229)
11:03 PM: mac@ad.yieldmanager[1].txt (ID = 3751)
11:03 PM: mac@cnn.122.2o7[2].txt (ID = 1958)
11:03 PM: mac@exitexchange[8].txt (ID = 2633)
11:03 PM: Found Spy Cookie: about cookie
11:03 PM: mac@about[1].txt (ID = 2037)
11:03 PM: mac@msnportal.112.2o7[1].txt (ID = 1958)
11:03 PM: Found Spy Cookie: bluestreak cookie
11:03 PM: mac@bluestreak[1].txt (ID = 2314)
11:03 PM: Found Spy Cookie: bs.serving-sys cookie
11:03 PM: mac@bs.serving-sys[1].txt (ID = 2330)
11:03 PM: mac@exitexchange[2].txt (ID = 2633)
11:03 PM: mac@ads.pointroll[2].txt (ID = 3148)
11:03 PM: Found Spy Cookie: questionmarket cookie
11:03 PM: mac@questionmarket[2].txt (ID = 3217)
11:03 PM: Found Spy Cookie: adserver cookie
11:03 PM: mac@z1.adserver[1].txt (ID = 2142)
11:03 PM: mac@cbs.112.2o7[1].txt (ID = 1958)
11:03 PM: Found Spy Cookie: fastclick cookie
11:03 PM: mac@fastclick[1].txt (ID = 2651)
11:03 PM: Found Spy Cookie: starware.com cookie
11:03 PM: mac@starware[2].txt (ID = 3441)
11:03 PM: Found Spy Cookie: epilot cookie
11:03 PM: mac@www.epilot[1].txt (ID = 2622)
11:03 PM: Found Spy Cookie: screensavers.com cookie
11:03 PM: mac@i.screensavers[1].txt (ID = 3298)
11:03 PM: mac@abc.go[1].txt (ID = 2729)
11:03 PM: Found Spy Cookie: maxserving cookie
11:03 PM: mac@maxserving[1].txt (ID = 2966)
11:03 PM: mac@americasnotenetwork.122.2o7[1].txt (ID = 1958)
11:03 PM: mac@go[3].txt (ID = 2728)
11:03 PM: mac@go[4].txt (ID = 2728)
11:03 PM: mac@adopt.specificclick[1].txt (ID = 3400)
11:03 PM: mac@overture[1].txt (ID = 3105)
11:03 PM: Found Spy Cookie: pricegrabber cookie
11:03 PM: mac@pricegrabber[1].txt (ID = 3185)
11:03 PM: mac@atwola[2].txt (ID = 2255)
11:03 PM: mac@abc.go[3].txt (ID = 2729)
11:04 PM: Found Spy Cookie: trafficmp cookie
11:04 PM: mac@trafficmp[2].txt (ID = 3581)
11:04 PM: Found Spy Cookie: clickbank cookie
11:04 PM: mac@clickbank[1].txt (ID = 2398)
11:04 PM: Found Spy Cookie: spylog cookie
11:04 PM: mac@spylog[1].txt (ID = 3415)
11:04 PM: Found Spy Cookie: popuppers cookie
11:04 PM: mac@www.popuppers[1].txt (ID = 3158)
11:04 PM: Found Spy Cookie: hotlog cookie
11:04 PM: mac@hotlog[2].txt (ID = 2801)
11:04 PM: Found Spy Cookie: ru4 cookie
11:04 PM: mac@edge.ru4[1].txt (ID = 3269)
11:04 PM: Found Spy Cookie: revenue.net cookie
11:04 PM: mac@revenue[2].txt (ID = 3257)
11:04 PM: Found Spy Cookie: zedo cookie
11:04 PM: mac@zedo[1].txt (ID = 3762)
11:04 PM: Found Spy Cookie: server.iad.liveperson cookie
11:04 PM: mac@server.iad.liveperson[2].txt (ID = 3341)
11:04 PM: mac@yieldmanager[1].txt (ID = 3749)
11:04 PM: mac@www.starware[1].txt (ID = 3442)
11:04 PM: mac@exitexchange[3].txt (ID = 2633)
11:04 PM: Found Spy Cookie: casalemedia cookie
11:04 PM: mac@casalemedia[2].txt (ID = 2354)
11:04 PM: Found Spy Cookie: falkag cookie
11:04 PM: mac@as-us.falkag[2].txt (ID = 2650)
11:04 PM: mac@ad.yieldmanager[2].txt (ID = 3751)
11:04 PM: mac@popuppers[2].txt (ID = 3157)
11:04 PM: mac@exitexchange[4].txt (ID = 2633)
11:04 PM: mac@exitexchange[5].txt (ID = 2633)
11:04 PM: mac@exitexchange[6].txt (ID = 2633)
11:04 PM: mac@exitexchange[7].txt (ID = 2633)
11:04 PM: Found Spy Cookie: adrevolver cookie
11:04 PM: mac@adrevolver[2].txt (ID = 2088)
11:04 PM: Found Spy Cookie: adorigin cookie
11:04 PM: mac@adorigin[2].txt (ID = 2082)
11:04 PM: mac@h.starware[2].txt (ID = 3442)
11:04 PM: mac@www.screensavers[2].txt (ID = 3298)
11:04 PM: mac@adknowledge[3].txt (ID = 2072)
11:04 PM: mac@media.fastclick[2].txt (ID = 2652)
11:04 PM: Cookie Sweep Complete, Elapsed Time: 00:01:32
11:04 PM: Full Sweep has completed. Elapsed time 01:00:23
11:04 PM: Traces Found: 829
11:13 PM: Removal process initiated
11:13 PM: Quarantining All Traces: 2nd-thought
11:14 PM: Quarantining All Traces: 180search assistant/zango
11:14 PM: Quarantining All Traces: begin2search
11:14 PM: Quarantining All Traces: blazefind
11:14 PM: Quarantining All Traces: delfin
11:14 PM: Quarantining All Traces: downloadware
11:14 PM: Quarantining All Traces: findwhatevernow toolbar
11:14 PM: Warning: Cannot open file "C:\WINDOWS\TEMP\". The system cannot find the path specified
11:14 PM: Failed to quarantine findwhatevernow toolbar
11:14 PM: Failed to quarantine HKLM: software\classes\fwn.isubclass\
11:14 PM: Quarantining All Traces: hotbar
11:14 PM: Quarantining All Traces: internetoptimizer
11:14 PM: Quarantining All Traces: media-motor
11:14 PM: Quarantining All Traces: mirar webband
11:14 PM: Quarantining All Traces: moneytree
11:14 PM: Quarantining All Traces: networkessentials
11:14 PM: Quarantining All Traces: safesurf
11:14 PM: Quarantining All Traces: scbar
11:14 PM: Quarantining All Traces: sidesearch
11:14 PM: Quarantining All Traces: squire webhelper
11:14 PM: Quarantining All Traces: tvmedia
11:14 PM: Quarantining All Traces: webhancer
11:15 PM: webhancer is in use. It will be removed on reboot.
11:15 PM: C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL is in use. It will be removed on reboot.
11:15 PM: C:\Program Files\webHancer\Programs\whAgent.exe is in use. It will be removed on reboot.
11:15 PM: C:\WINDOWS\webhdll.dll is in use. It will be removed on reboot.
11:15 PM: Quarantining All Traces: webrebates
11:15 PM: Quarantining All Traces: wildmedia
11:15 PM: Quarantining All Traces: winad
11:15 PM: Quarantining All Traces: 2o7.net cookie
11:15 PM: Quarantining All Traces: about cookie
11:15 PM: Quarantining All Traces: adknowledge cookie
11:15 PM: Quarantining All Traces: adorigin cookie
11:15 PM: Quarantining All Traces: adrevolver cookie
11:15 PM: Quarantining All Traces: adserver cookie
11:15 PM: Quarantining All Traces: apmebf cookie
11:16 PM: Quarantining All Traces: atwola cookie
11:16 PM: Quarantining All Traces: belnk cookie
11:16 PM: Quarantining All Traces: bluestreak cookie
11:16 PM: Quarantining All Traces: bs.serving-sys cookie
11:16 PM: Quarantining All Traces: burstbeacon cookie
11:16 PM: Quarantining All Traces: burstnet cookie
11:16 PM: Quarantining All Traces: casalemedia cookie
11:16 PM: Quarantining All Traces: clickandtrack cookie
11:16 PM: Quarantining All Traces: clickbank cookie
11:16 PM: Quarantining All Traces: coolsavings cookie
11:16 PM: Quarantining All Traces: enhance cookie
11:16 PM: Quarantining All Traces: epilot cookie
11:16 PM: Quarantining All Traces: exitexchange cookie
11:16 PM: Quarantining All Traces: falkag cookie
11:16 PM: Quarantining All Traces: fastclick cookie
11:16 PM: Quarantining All Traces: go.com cookie
11:16 PM: Quarantining All Traces: hbmediapro cookie
11:16 PM: Quarantining All Traces: hotlog cookie
11:16 PM: Quarantining All Traces: maxserving cookie
11:16 PM: Quarantining All Traces: metareward.com cookie
11:16 PM: Quarantining All Traces: mygeek cookie
11:16 PM: Quarantining All Traces: nextag cookie
11:16 PM: Quarantining All Traces: one-time-offer cookie
11:16 PM: Quarantining All Traces: overture cookie
11:16 PM: Quarantining All Traces: partypoker cookie
11:16 PM: Quarantining All Traces: pointroll cookie
11:16 PM: Quarantining All Traces: popuppers cookie
11:16 PM: Quarantining All Traces: pricegrabber cookie
11:16 PM: Quarantining All Traces: questionmarket cookie
11:16 PM: Quarantining All Traces: rednova cookie
11:16 PM: Quarantining All Traces: reliablestats cookie
11:16 PM: Quarantining All Traces: revenue.net cookie
11:16 PM: Quarantining All Traces: rn11 cookie
11:16 PM: Quarantining All Traces: ru4 cookie
11:16 PM: Quarantining All Traces: screensavers.com cookie
11:16 PM: Quarantining All Traces: server.iad.liveperson cookie
11:16 PM: Quarantining All Traces: serving-sys cookie
11:16 PM: Quarantining All Traces: specificclick.com cookie
11:16 PM: Quarantining All Traces: spylog cookie
11:16 PM: Quarantining All Traces: starware.com cookie
11:16 PM: Quarantining All Traces: touchclarity cookie
11:16 PM: Quarantining All Traces: trafficmp cookie
11:16 PM: Quarantining All Traces: ugl.adtrak cookie
11:16 PM: Quarantining All Traces: videodome cookie
11:16 PM: Quarantining All Traces: yieldmanager cookie
11:16 PM: Quarantining All Traces: zedo cookie
11:17 PM: Removal process completed. Elapsed time 00:04:18
11:32 PM: Sent error log: C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
********
9:43 PM: | Start of Session, Tuesday, March 07, 2006 |
9:43 PM: Spy Sweeper started
9:43 PM: Sweep initiated using definitions version 556
9:43 PM: Starting Memory Sweep
9:44 PM: Found Adware: internetoptimizer
9:44 PM: Detected running threat: C:\WINDOWS\WSEM303.DLL (ID = 64134)
9:55 PM: Spy Installation Shield: found: Adware: internetoptimizer, version 1.0.0.0 -- Execution Denied
9:55 PM: Spy Installation Shield: found: Adware: internetoptimizer, version 1.0.0.0 -- Execution Denied
9:55 PM: Found Adware: moneytree
9:55 PM: Detected running threat: C:\WINDOWS\nem220.dll (ID = 64043)
10:00 PM: Found Adware: media-motor
10:00 PM: Detected running threat: C:\WINDOWS\mkneymteh.exe (ID = 73946)
10:00 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || scfiybqgw (ID = 0)
10:04 PM: Found Adware: delfin
10:04 PM: Detected running threat: C:\WINDOWS\mm15201518.Stub.exe (ID = 57738)
10:04 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || motoin (ID = 0)
10:05 PM: Detected running threat: C:\Program Files\Internet Optimizer\install.exe (ID = 64033)
10:05 PM: Detected running threat: C:\Program Files\Internet Optimizer\actalert.exe (ID = 64016)
10:10 PM: Detected running threat: C:\Program Files\Internet Optimizer\optimize.exe (ID = 125346)
10:12 PM: Memory Sweep Complete, Elapsed Time: 00:28:50
10:12 PM: Starting Registry Sweep
10:13 PM: Found Trojan Horse: 2nd-thought
10:13 PM: HKLM\software\microsoft\windows\currentversion\run\ || stcinstaller (ID = 102013)
10:24 PM: Found Adware: begin2search
10:24 PM: HKCR\interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}\ (8 subtraces) (ID = 104125)
10:24 PM: HKCR\interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}\ (8 subtraces) (ID = 104129)
10:24 PM: HKCR\interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}\ (8 subtraces) (ID = 104130)
10:24 PM: HKCR\interface\{b12508ad-ca55-4238-8db3-55808ba6915a}\ (8 subtraces) (ID = 104132)
10:24 PM: HKCR\interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}\ (8 subtraces) (ID = 104134)
10:24 PM: HKCR\interface\{f912c325-5b26-4ad6-bf39-84370833e972}\ (8 subtraces) (ID = 104140)
10:25 PM: HKLM\software\classes\interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}\ (8 subtraces) (ID = 104175)
10:25 PM: HKLM\software\classes\interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}\ (8 subtraces) (ID = 104179)
10:25 PM: HKLM\software\classes\interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}\ (8 subtraces) (ID = 104180)
10:25 PM: HKLM\software\classes\interface\{b12508ad-ca55-4238-8db3-55808ba6915a}\ (8 subtraces) (ID = 104182)
10:25 PM: HKLM\software\classes\interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}\ (8 subtraces) (ID = 104184)
10:25 PM: HKLM\software\classes\interface\{f912c325-5b26-4ad6-bf39-84370833e972}\ (8 subtraces) (ID = 104190)
10:25 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {52fe5233-367c-4efb-bdd7-0be4d212c107} (ID = 104209)
10:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4d568f0f-8ac9-40ab-88b7-415134c78777}\ (ID = 104210)
10:26 PM: Found Adware: blazefind
10:26 PM: HKLM\software\microsoft\windows\currentversion\uninstall\preview adservice\ (1 subtraces) (ID = 104549)
10:26 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 3.0\ (4 subtraces) (ID = 104553)
10:26 PM: HKLM\software\preview adservice\ (3 subtraces) (ID = 104556)
10:41 PM: HKLM\software\dvx\ (2 subtraces) (ID = 124854)
10:41 PM: HKLM\software\microsoft\windows\currentversion\run\ || motoin (ID = 124865)
10:42 PM: Found Adware: downloadware
10:42 PM: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (2 subtraces) (ID = 125363)
10:43 PM: Found Adware: findwhatevernow toolbar
10:43 PM: HKCR\clsid\{3d0bdab3-12f4-471c-8966-e35a2c6c7de7}\ (13 subtraces) (ID = 126458)
10:43 PM: HKCR\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126459)
10:43 PM: HKCR\fwn.fwntoolbar\ (3 subtraces) (ID = 126462)
10:43 PM: HKCR\fwn.isubclass\ (3 subtraces) (ID = 126463)
10:43 PM: HKCR\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126464)
10:43 PM: HKLM\software\classes\clsid\{3d0bdab3-12f4-471c-8966-e35a2c6c7de7}\ (13 subtraces) (ID = 126468)
10:43 PM: HKLM\software\classes\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126469)
10:43 PM: HKLM\software\classes\fwn.fwntoolbar\ (3 subtraces) (ID = 126472)
10:43 PM: HKLM\software\classes\fwn.isubclass\ (3 subtraces) (ID = 126473)
10:43 PM: HKLM\software\classes\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126474)
10:43 PM: HKLM\software\classes\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126477)
10:43 PM: HKCR\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126486)
10:46 PM: HKU\.default\software\avenue media\ (ID = 128878)
10:46 PM: HKU\.default\software\policies\avenue media\ (ID = 128879)
10:46 PM: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885)
10:46 PM: HKLM\software\avenue media\ (52 subtraces) (ID = 128888)
10:46 PM: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896)
10:46 PM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
10:46 PM: HKLM\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 128916)
10:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer\ (2 subtraces) (ID = 128921)
10:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer active alert\ (3 subtraces) (ID = 128922)
10:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer software installer\ (3 subtraces) (ID = 128923)
10:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924)
10:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
10:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wsem update\ (2 subtraces) (ID = 128927)
10:46 PM: HKLM\software\policies\avenue media\ (ID = 128929)
11:03 PM: HKCR\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ (11 subtraces) (ID = 135167)
11:03 PM: HKCR\clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}\ (11 subtraces) (ID = 135171)
11:03 PM: HKCR\dyfuca_bh.bhobj.1\ (3 subtraces) (ID = 135175)
11:03 PM: HKCR\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135176)
11:03 PM: HKCR\dyfuca_bh.sinkobj.1\ (3 subtraces) (ID = 135177)
11:03 PM: HKCR\dyfuca_bh.sinkobj\ (5 subtraces) (ID = 135178)
11:03 PM: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185)
11:03 PM: HKLM\software\classes\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135194)
11:03 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ (ID = 135211)
11:03 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dyfuca\ (ID = 135214)
11:03 PM: HKCR\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\ (9 subtraces) (ID = 135216)
11:04 PM: Found Adware: 180search assistant/zango
11:04 PM: HKLM\software\saap\ (8 subtraces) (ID = 135785)
11:04 PM: Found Adware: networkessentials
11:04 PM: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136074)
11:04 PM: HKCR\mp.mediapops.1\ (3 subtraces) (ID = 136079)
11:04 PM: HKCR\mp.mediapops\ (5 subtraces) (ID = 136080)
11:04 PM: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136147)
11:04 PM: HKLM\software\classes\mp.mediapops\ (5 subtraces) (ID = 136152)
11:04 PM: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136154)
11:04 PM: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136181)
11:06 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (27 subtraces) (ID = 140032)
11:06 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
11:06 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
11:06 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
11:06 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
11:06 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
11:06 PM: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
11:06 PM: HKLM\software\classes\iobjsafety.democtl\ (3 subtraces) (ID = 140120)
11:07 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
11:07 PM: HKLM\software\microsoft\code store database\distribution units\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (12 subtraces) (ID = 140140)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media-motor\ (2 subtraces) (ID = 140208)
11:07 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
11:07 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
11:07 PM: Found Adware: safesurf
11:07 PM: HKLM\software\microsoft\windows\currentversion\ || np (ID = 140392)
11:07 PM: Found Adware: scbar
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\batch assistant\ (2 subtraces) (ID = 140508)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\data compiler\ (2 subtraces) (ID = 140509)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\indexing function\ (2 subtraces) (ID = 140510)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sbm os\ (2 subtraces) (ID = 140511)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\search os\ (2 subtraces) (ID = 140512)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tp http\ (2 subtraces) (ID = 140514)
11:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\url.ie app\ (2 subtraces) (ID = 140515)
11:09 PM: Found Adware: squire webhelper
11:09 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sqwire\ (2 subtraces) (ID = 142190)
11:14 PM: Found Adware: tvmedia
11:14 PM: HKU\.default\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145298)
11:14 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145311)
11:16 PM: Found Adware: webrebates
11:16 PM: HKCR\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146292)
11:16 PM: HKCR\imgconv.clsimgconv\ (3 subtraces) (ID = 146293)
11:16 PM: HKLM\software\classes\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146294)
11:16 PM: HKLM\software\classes\imgconv.clsimgconv\ (3 subtraces) (ID = 146295)
11:16 PM: HKLM\software\classes\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146296)
11:16 PM: HKCR\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146304)
11:19 PM: Found Adware: wildmedia
11:19 PM: HKLM\software\wildmedia\ (2 subtraces) (ID = 146962)
11:19 PM: Found Adware: winad
11:19 PM: HKCR\prevadx.installer\ (3 subtraces) (ID = 147161)
11:19 PM: HKLM\software\classes\prevadx.installer\ (3 subtraces) (ID = 147175)
11:21 PM: HKLM\software\avenue media\internet optimizer\ (51 subtraces) (ID = 394594)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.74 (ID = 797732)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.29 (ID = 797733)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.79 (ID = 797735)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.36 (ID = 797736)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.80 (ID = 797737)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.91 (ID = 797738)
11:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || 0.73 (ID = 797739)
11:26 PM: HKU\.DEFAULT\software\2nd\ (2 subtraces) (ID = 101987)
11:27 PM: Found Adware: hotbar
11:27 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
11:28 PM: HKU\.DEFAULT\software\avenue media\ (ID = 128887)
11:28 PM: HKU\.DEFAULT\software\policies\avenue media\ (ID = 128928)
11:28 PM: HKU\.DEFAULT\software\saap\ (3 subtraces) (ID = 135784)
11:28 PM: HKU\.DEFAULT\software\support software\ (11 subtraces) (ID = 136177)
11:29 PM: HKU\.DEFAULT\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145309)
11:29 PM: Found Adware: sidesearch
11:29 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
11:29 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
11:30 PM: Starting Cookie Sweep


Scan from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 11:46:06 PM, on 3/8/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WBEM\CIMOM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;localhost
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -off
O4 - HKLM\..\Run: [Matrox PowerDesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [AdBlocker] C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] C:\WINDOWS\SYSTEM\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .rpm: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppl3260.dll
O12 - Plugin for .ica: C:\PROGRA~1\INTERN~1\PLUGINS\NPICAN.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
Any areas of concern that I need to address?

Thanks,

Dean
 
Upvote 0 Downvote
Kill the following:

O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\PROGRAM FILES\ADVANCED SEARCHBAR\TOOLBAR.DLL

O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [] c:\WINDOWS\System\

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] C:\WINDOWS\SYSTEM\The associated domain name has probably been reserved by a client from

Hope that helps,

Erik
 
Upvote 0 Downvote
Erik,

I am now receiving the following errors:

"IPHDLAPI.DLL" not responding
"MSINM" caused a fault

Also our "OUTLOOK" is not connecting to the internet.

Any ideas as to fixing the above issues?

Thanks,

Dean
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
764
Yoko Littner
Yoko Littner
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
259
2ffat
2ffat
2ffat
  • Locked
  • News
CNET/Download.com have cleaned up their act! 4
Replies
5
Views
171
kjv1611
kjv1611
javierdlm001
  • Locked
  • Question
"Win32.Downloader.gen" found as Malware by Spybot
Replies
3
Views
164
2ffat
2ffat
2ffat
  • Locked
  • News
C-Ware Bundled on "ALL" Freeware Sites
Replies
6
Views
181
xit
xit

Part and Inventory Search

Sponsor

Back
Top