MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Win Min error
December 13, 2019, 05:16:02 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 13, 2019, 05:16:02 PM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Win Min error  (Read 1497 times)
Hadrian
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« on: April 25, 2005, 06:52:43 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:XP
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



I have been working on friends computer for a day now and can't seem to get everything fixed.  I ran a kesperskey virus scan and removed 73 virsues.  The main problem I dealt w/ was the trojan.spy.html.smitfraud.c, I believe I have taken care of that.  Now it gets a win min error on shutdown and the home page is hijacked to some search engine.  here is the hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:24:59 PM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\WINDOWS\System32\jmscvc.exe
C:\WINDOWS\pgtaff.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\Tb.exe
C:\program files\180search assistant\saap.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\Bcpc\bcpc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
C:\WINDOWS\System32\?hkdsk.exe
C:\Documents and Settings\Abbey Castonia\Application Data\elat.exe
C:\wp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Abbey Castonia\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32v.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O2 - BHO: (no name) - {C247C1A2-2A43-7790-1AFD-71E29F222CC6} - C:\WINDOWS\System32\dfx.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {125AAD6E-08E6-5DD0-69A7-8E9759F328EF} - C:\WINDOWS\Yentbuiu.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [rtkswd] C:\WINDOWS\System32\jmscvc.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [BS Player] BSPLAYER.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [nybpjc] C:\WINDOWS\System32\nybpjc.exe
O4 - HKLM\..\Run: [Ydftkfp] C:\WINDOWS\Qtstel.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [USB controller] "C:\WINDOWS\TEMP\svcmm32.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [wmv] C:\WINDOWS\System32\winmonv.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmg.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Tb] C:\windows\system32\Tb.exe
O4 - HKLM\..\Run: [vypk.exe] c:\windows\system32\vypk.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\npvnpa.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\Run: [uhmt] C:\WINDOWS\uhmt.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [BCPC] "C:\Program Files\Bcpc\bcpc.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\ABBEYC~1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [umdmxfrm] C:\WINDOWS\System32\umdmxfrm.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [ZAx6RQcEh] dmils.exe
O4 - HKCU\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKCU\..\Run: [Cbghbmht] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Abbey Castonia\Application Data\elat.exe
O4 - HKCU\..\Run: [solnmwr] c:\windows\gtlflkb.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [yfyelge] c:\windows\gtlflkb.exe
O4 - HKCU\..\Run: [gjfghbm] c:\windows\urxeifo.exe
O4 - HKCU\..\Run: [fsusd] C:\WINDOWS\System32\fsusd.exe
O4 - HKCU\..\Run: [niuyqlv] c:\windows\urxeifo.exe
O4 - HKCU\..\Run: [dvdeqhl] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [ytlnaqg] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [kpukpos] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [hshtspn] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [fbtqlvf] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [tsccmxh] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [fmunypf] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [idbvqoa] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [kahbkfg] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [ivwdcbt] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [fmgtbir] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [gdplmcj] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [iojeeld] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [bygjoyq] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [femprtg] c:\windows\sacxjig.exe
O4 - HKCU\..\Run: [wutaoja] c:\windows\sacxjig.exe
O4 - HKCU\..\Run: [rogeqtq] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [fmwnlsl] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [qqbjywm] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [awgjjnc] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [tugfmwf] c:\windows\paaemsq.exe
O4 - HKCU\..\Run: [oaclyrd] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [eawnkpx] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [peamchx] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [qcbheti] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [vjrheag] c:\windows\ilrqmyg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BE62A02F-DBE4-42C2-A74D-76FF401D9054} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BE62A02F-DBE4-42C2-A74D-76FF401D9054} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspak.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install007.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=168d3f0c8f5ebbd0d83ee5445ae40e55469aa3fdaf24dd3540c41ee1ea302c2d59104a57d59aa8baedc40580da1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/thin.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50203/QDow_AS2.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
O16 - DPF: {EBBD88E5-C372-469D-B4C5-1FE00352AB9B} (FavoriteMan Class) - http://www.ouchvideo.com/mmviewer_ic.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\System32\lmf32v.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)

Logged

 
Hadrian
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #1 on: April 26, 2005, 07:41:21 PM »

So I ran an adaware and a spybot s&D, and still the pc is running slow and stll gettin the win min error, once again here is the highjackthis log.  Someone plz take a look at this log and let me know which steps I should take to fix these errors.   Highjackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 3:37:38 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\wp.exe
C:\windows\gtlflkb.exe
C:\windows\yvnvrfk.exe
C:\windows\yvnvrfk.exe
C:\windows\yvnvrfk.exe
C:\windows\yvnvrfk.exe
C:\windows\yvnvrfk.exe
C:\windows\yvnvrfk.exe
C:\windows\yvnvrfk.exe
C:\windows\sacxjig.exe
C:\windows\sacxjig.exe
C:\windows\pqyuhsc.exe
C:\windows\pqyuhsc.exe
C:\windows\xvvvdjn.exe
C:\Documents and Settings\Abbey Castonia\Application Data\elat.exe
C:\windows\jecvyof.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Abbey Castonia\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C247C1A2-2A43-7790-1AFD-71E29F222CC6} - C:\WINDOWS\System32\dfx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [BS Player] BSPLAYER.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [Ydftkfp] C:\WINDOWS\Qtstel.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe
O4 - HKLM\..\Run: [USB controller] "C:\WINDOWS\TEMP\svcmm32.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Tb] C:\windows\system32\Tb.exe
O4 - HKLM\..\Run: [vypk.exe] c:\windows\system32\vypk.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\npvnpa.exe
O4 - HKLM\..\Run: [uhmt] C:\WINDOWS\uhmt.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\ABBEYC~1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [umdmxfrm] C:\WINDOWS\System32\umdmxfrm.exe
O4 - HKCU\..\Run: [ZAx6RQcEh] dmils.exe
O4 - HKCU\..\Run: [Cbghbmht] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [solnmwr] c:\windows\gtlflkb.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [yfyelge] c:\windows\gtlflkb.exe
O4 - HKCU\..\Run: [gjfghbm] c:\windows\urxeifo.exe
O4 - HKCU\..\Run: [fsusd] C:\WINDOWS\System32\fsusd.exe
O4 - HKCU\..\Run: [niuyqlv] c:\windows\urxeifo.exe
O4 - HKCU\..\Run: [dvdeqhl] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [ytlnaqg] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [kpukpos] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [hshtspn] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [fbtqlvf] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [tsccmxh] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [fmunypf] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [idbvqoa] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [kahbkfg] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [ivwdcbt] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [fmgtbir] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [gdplmcj] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [iojeeld] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [bygjoyq] c:\windows\yvnvrfk.exe
O4 - HKCU\..\Run: [femprtg] c:\windows\sacxjig.exe
O4 - HKCU\..\Run: [wutaoja] c:\windows\sacxjig.exe
O4 - HKCU\..\Run: [rogeqtq] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [fmwnlsl] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [qqbjywm] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [awgjjnc] c:\windows\pqyuhsc.exe
O4 - HKCU\..\Run: [tugfmwf] c:\windows\paaemsq.exe
O4 - HKCU\..\Run: [oaclyrd] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [eawnkpx] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [peamchx] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [qcbheti] c:\windows\xvvvdjn.exe
O4 - HKCU\..\Run: [vjrheag] c:\windows\ilrqmyg.exe
O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Abbey Castonia\Application Data\elat.exe
O4 - HKCU\..\Run: [tdxnxtu] c:\windows\jecvyof.exe
O4 - HKCU\..\Run: [pdnyeyh] c:\windows\jecvyof.exe
O4 - HKCU\..\Run: [ckvfbks] c:\windows\jecvyof.exe
O4 - HKCU\..\Run: [ynchfsx] c:\windows\jecvyof.exe
O4 - HKCU\..\Run: [oxabail] c:\windows\kpigfhr.exe
O4 - HKCU\..\Run: [vtjhuxx] c:\windows\chwnfvg.exe
O4 - HKCU\..\Run: [dpsnpol] c:\windows\tamvgju.exe
O4 - HKCU\..\Run: [ktelelw] c:\windows\vvwybmk.exe
O4 - HKCU\..\Run: [rtbajsv] c:\windows\sqjfaha.exe
O4 - HKCU\..\Run: [jyrtoci] c:\windows\bxuxytk.exe
O4 - HKCU\..\Run: [hcrufrx] c:\windows\rwsyftc.exe
O4 - HKCU\..\Run: [ylvxtrw] c:\windows\fhbocnn.exe
O4 - HKCU\..\Run: [ghfeoik] c:\windows\wyqwcbd.exe
O4 - HKCU\..\Run: [siktdyr] c:\windows\kpigfhr.exe
O4 - HKCU\..\Run: [mjjlpyv] c:\windows\chwnfvg.exe
O4 - HKCU\..\Run: [gjhccaa] c:\windows\tamvgju.exe
O4 - HKCU\..\Run: [ebldilv] c:\windows\bxuxytk.exe
O4 - HKCU\..\Run: [lebqsqy] c:\windows\vvwybmk.exe
O4 - HKCU\..\Run: [xcktuma] c:\windows\sqjfaha.exe
O4 - HKCU\..\Run: [aildqxn] c:\windows\rwsyftc.exe
O4 - HKCU\..\Run: [sfwpfsl] c:\windows\wyqwcbd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BE62A02F-DBE4-42C2-A74D-76FF401D9054} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BE62A02F-DBE4-42C2-A74D-76FF401D9054} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspak.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50203/QDow_AS2.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)

Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page January 06, 2019, 04:21:01 PM