« previous next »
Pages: [1] 2 3   Go Down

Author Topic: win32adwaremediaticket,it wont disapear!  (Read 14163 times)

0 Members and 1 Guest are viewing this topic.

mEhE

  • Guest
win32adwaremediaticket,it wont disapear!
« on: April 14, 2006, 12:24:36 PM »
Anyone no how to clean win32adware\mediatickets  ?
have tryed everything and it still coming back.. i have disabled system restore...
i have tryed http://forum.avast.com/index.php?topic=14273;prev_next=next
using nod32 1.14 and spyware doctor 3.5.. and win xp.
log from nod32:
C:\Programfiler\W?nSxS\?ti2evxx.exe is infected and    c:\windows\system32\m?dtc.exe   a variant of Win32/Adware.MediaTickets application         
« Last Edit: April 14, 2006, 12:56:58 PM by mEhE »
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33921
  • malware fighter
Re: win32adwaremediaticket,it wont disapear!
« Reply #1 on: April 14, 2006, 01:12:22 PM »
Hi mEhE,

There is a lot of this infection with the mediatickets going around lately, because we get a lot of postings for this malware.
Read about it here, also for removal instructions:
http://www.spywareguide.com/product_show.php?id=813
and read here:
http://www.intermute.com/spyware/MediaTickets.html

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: win32adwaremediaticket,it wont disapear!
« Reply #2 on: April 14, 2006, 05:00:27 PM »
Hi mEhE,

This is really the avast! forum, but since you're here anyway, welcome, and try running these programs in safe mode: (Tap F8 while booting.)

Ewido (XP'Win2000 only) http://www.ewido.net/en/

     and/or a-Squared http://www.emsisoft.com/en/

Ad-Aware: http://www.lavasoft.de/

Spybot Search & Destroy: http://www.safer-networking.org/

Also try the free trial version of Webroot Spysweeper if the above don't work.

Good luck!
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Spiritsongs

  • Guest
NOD32 Forum
« Reply #3 on: April 14, 2006, 06:08:51 PM »
 :)  Hi All :

     There is a NOD32 Forum at wilderssecurity.com .
Logged

mEhE

  • Guest
Re: win32adwaremediaticket,it wont disapear!
« Reply #4 on: April 17, 2006, 10:10:34 PM »
Quote from: FreewheelinFrank on April 14, 2006, 05:00:27 PM
Hi mEhE,

This is really the avast! forum, but since you're here anyway, welcome, and try running these programs in safe mode: (Tap F8 while booting.)

Ewido (XP'Win2000 only) http://www.ewido.net/en/

     and/or a-Squared http://www.emsisoft.com/en/

Ad-Aware: http://www.lavasoft.de/

Spybot Search & Destroy: http://www.safer-networking.org/

Also try the free trial version of Webroot Spysweeper if the above don't work.

Good luck!

now i have tryed everything you wrote.. Ewido anti malware 3.5  found  31 020 infected ??? but all cleaned..
most of them was cookies..
but the win32adware\mediatickets is still popping up on nod32..
i posted a tread on nod32 forum but no help so far..

btw: what is avast! ?  i search on the win32adware virus in google and i found this forum :)
« Last Edit: April 17, 2006, 10:14:58 PM by mEhE »
Logged

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89138
  • No support PMs thanks
Re: win32adwaremediaticket,it wont disapear!
« Reply #5 on: April 17, 2006, 11:19:20 PM »
avast is an anti-virus program and this forum is part of its program support.

http://www.avast.com/eng/desktop_protection.html

Welcome to our forums ;D
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: win32adwaremediaticket,it wont disapear!
« Reply #6 on: April 18, 2006, 12:07:29 AM »
Can you post a HijackThis! log for us?

http://www.bleepingcomputer.com/tutorials/tutorial42.html
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

mEhE

  • Guest
Re: win32adwaremediaticket,it wont disapear!
« Reply #7 on: April 23, 2006, 12:45:45 PM »
hm..  The message exceeds the maximum allowed length (10000 characters). i can not write the hijackthis log here...??
Logged

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: win32adwaremediaticket,it wont disapear!
« Reply #8 on: April 23, 2006, 12:58:48 PM »
Please split the log into two parts!
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

mEhE

  • Guest
Re: win32adwaremediaticket,it wont disapear!
« Reply #9 on: April 23, 2006, 01:44:30 PM »
here is the log:
Quote
Logfile of HijackThis v1.99.1
Scan saved at 17:21:19, on 18.04.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FELLES~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\NetLimiter\NetLimiter.exe
C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Spyware Doctor\swdoctor.exe
C:\Programfiler\W?nSxS\?ti2evxx.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Bluetooth-programvare\BTTray.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\Programfiler\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\ewido anti-malware\ewidoctrl.exe
C:\Programfiler\ewido anti-malware\ewidoguard.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\BitComet\BitComet.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Nero\Nero 7\Core\nero.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMIndexStoreSvr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\SKRIVEBORD\hijackthis.exe
Logged

mEhE

  • Guest
Re: win32adwaremediaticket,it wont disapear!
« Reply #10 on: April 23, 2006, 01:45:10 PM »
Quote
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21CCD69C-1C0F-648B-73E6-6F834CAA999B} - (no file)
O2 - BHO: (no name) - {3EBB263E-BEAC-917C-D18A-CC69318A8E9E} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Programfiler\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: (no name) - {6C994F3C-DCA6-A92E-D82E-A67F106AD5CE} - (no file)
O2 - BHO: (no name) - {6E1B3AB2-F777-8EF5-5B15-85ED9912D49F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8AC27E9A-E107-9FDC-7977-C3891F7A64C4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9E3AC264-5EFE-7322-DA9D-7D82BF1F28C3} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FB761138-D1FE-A121-D39F-AD0FA4E64D92} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Programfiler\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FELLES~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Programfiler\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programfiler\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
Logged

mEhE

  • Guest
Re: win32adwaremediaticket,it wont disapear!
« Reply #11 on: April 23, 2006, 01:45:40 PM »
Quote
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programfiler\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Bjf] C:\Documents and Settings\Administrator\Mine dokumenter\??stem32\?srss.exe
O4 - HKCU\..\Run: [Sivjrrb] C:\Programfiler\W?nSxS\?ti2evxx.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCleaner_free.exe" -turbo -autostart -NOREBOOT
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global User Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.10\dopewars.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
Logged

mEhE

  • Guest
Re: win32adwaremediaticket,it wont disapear!
« Reply #12 on: April 23, 2006, 01:46:34 PM »
is that the log you need?
Logged

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: win32adwaremediaticket,it wont disapear!
« Reply #13 on: April 23, 2006, 01:50:53 PM »
That's the one!

Your analysis is saved here:

http://hijackthis.de/logfiles/990993e373fe3e38fbe9ecb133a07733.html

I can see a few nasties. I'll post again when I've had a good look!
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: win32adwaremediaticket,it wont disapear!
« Reply #14 on: April 23, 2006, 02:45:49 PM »
First of all, you seem to be running NOD32 and Norton Anti-Virus. Running two AV's at the same time is not a good idea, as they will fight over files like two dogs over a bone and cause problems.

Your main problem seems to be a PurityScan infection. It obviously has some some of self-protection going on. The easiest way to remove it would be to use the removal tool from the PurityScan website. I don't really trust uninstallers from adware companies, but as it's recommended on the Symantec site, I guess it's safe:

http://securityresponse.symantec.com/avcenter/venc/data/adware.purityscan.html

http://www.purityscan.com/uninstall.html

Do you have BitComet peer-to-peer network, because this can be a worm if it's not the peer-to-peer network.

C:\Programfiler\BitComet\BitComet.exe

The following entries have been highlighted as nasty, but you should decide if you want to keep them: they are IE start and search pages.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

The following entries can be fixed: this is just a 'clean-up' process.

O2 - BHO: (no name) - {21CCD69C-1C0F-648B-73E6-6F834CAA999B} - (no file)

O2 - BHO: (no name) - {3EBB263E-BEAC-917C-D18A-CC69318A8E9E} - (no file)

O2 - BHO: (no name) - {6E1B3AB2-F777-8EF5-5B15-85ED9912D49F} - (no file)

O2 - BHO: (no name) - {8AC27E9A-E107-9FDC-7977-C3891F7A64C4} - (no file)

O2 - BHO: (no name) - {9E3AC264-5EFE-7322-DA9D-7D82BF1F28C3} - (no file)

O2 - BHO: (no name) - {FB761138-D1FE-A121-D39F-AD0FA4E64D92} - (no file)

This entry I do not believe is nasty and I do not recommend fixing it:

 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

This entry seems to be adware: I recommend you do some research and decide if you want to keep it.

O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.10\dopewars.exe

You need to check that you have the latest version of IE.

Please run the PurityScan uninstaller and then check with HijackThis! that the following entries have gone:

C:\Programfiler\W?nSxS\?ti2evxx.exe

O4 - HKCU\..\Run: [Bjf] C:\Documents and Settings\Administrator\Mine dokumenter\??stem32\?srss.exe

O4 - HKCU\..\Run: [Sivjrrb] C:\Programfiler\W?nSxS\?ti2evxx.exe







Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
Pages: [1] 2 3   Go Up
« previous next »