wmmse.com Virus?
Posted by: dtr
Hi, wondering if anyone can help.
I had this problem that whatever I typed into the address bar in Internet Explorer would be replaced with the address I entered with "wmmse.." in front of it, and it would go to wmmse.com. Then on that address it would say how to get rid of it doing that, because it had been fixed apparently, so I deleted it from startup and ended the process, but it kept coming back. I then erased the code from the registry, which seemed to have sorted it. But now I sometimes get it coming up with an interenetoptimizer.com and wmmse combination. Has anyone else come across this?
Posted by: DemonBob
Most likely a trojan. Run a virus scan. If you don't have one, run the online scan at http://www.trendmicro.com
Posted by: DemonBob
Hi. After doing the above, do this.
Go to http://www.merijn.org/files/hijackthis.zip to download the 'Hijack This!' program. Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please post its contents here.
Posted by: dtr
Hi,
I have run an up-to-date version of Norton AntiVirus and it found nothing. I will get HijackThis later, as I am at work at the moment =oP
Where do I send the log?
Posted by: DemonBob
Just copy and paste it in this post.
Posted by: Shalome
Norton Antivirus won't detect spyware/adware like InternetOptimizer.
You need to download and run a program like AdAware or Spybot Search & Destroy for that.
::edit:: Or, as DemonBob suggested, HijackThis.
Posted by: dtr
Here is the log file; I think I see some likely suspects.
Logfile of HijackThis v1.97.7
Scan saved at 14:57:23, on 17/01/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\System32\Ati2evxx.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\winnt\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\Ati2evxx.exe
C:\winnt\Explorer.exe
C:\winnt\loadqm.exe
C:\winnt\wt\updater\wcmdmgr.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\winnt\System32\G-VGA.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\winnt\System32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\BTopenworld\DialBTISurfTime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btinternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\winnt\bi.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\winnt\wsem216.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\winnt\nem214.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\winnt\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\winnt\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\winnt\System32\G-VGA.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SystemExplorer] C:\Program Files\Common Files\Services\explore.exe
O4 - HKLM\..\RunServices: [SystemExplorer] C:\Program Files\Common Files\Services\explore.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\winnt\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: gwum.lnk = Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - DefaultPrefix: http://wmmse.com/?q=
O13 - WWW Prefix: http://wmmse.com/?q=
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ash/swflash.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) -
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/tem...bcontrol013.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2A54EE3-B9B5-4833-8DE3-FC26E52D5BB3}: NameServer = 213.1.119.104 213.1.119.103
Posted by: DemonBob
Check all of these, then press Fix.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
If you did not set these yourself, don't fix them
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - DefaultPrefix: http://wmmse.com/?q=
O13 - WWW Prefix: http://wmmse.com/?q=
Afterwards, delete these files:
C:\WINDOWS\av.exe
C:\WINDOWS\systask32l.exe
C:\WINDOWS\System32\ln32k.exe
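An added example, not part of the original thread and not HijackThis's own code: a small triage script that reads a HijackThis log and lists the browser-setting entries (R0, R1 and O13) whose URL points at a given domain, which is the kind of entry checked in the post above. The function names and the sample log are assumptions made for this illustration; the sample lines follow the format of the logs posted in this thread.

```python
import re
from urllib.parse import urlsplit

# Sample input: a few lines in the format of the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\winnt\Explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O13 - DefaultPrefix: http://wmmse.com/?q=
O13 - WWW Prefix: http://wmmse.com/?q=
"""

# Log entries look like "R1 - ..." or "O13 - ..."; header and process lines do not.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) for every 'CODE - body' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def setting_and_url(code, body):
    """Split a browser-setting entry into (setting, url); None for other entry types."""
    if code in ("R0", "R1"):
        setting, sep, url = body.partition(" = ")   # "key,value = url"
    elif code == "O13":
        setting, sep, url = body.partition(": ")    # "DefaultPrefix: url"
    else:
        return None
    return (setting, url.strip()) if sep else None


def host_matches(url, domain):
    """True if the URL's host is the domain or one of its subdomains.

    Compares parsed host names instead of substrings, so a look-alike
    host such as notwmmse.com does not match wmmse.com.
    """
    if not url:
        return False
    if "://" not in url:
        url = "//" + url          # let urlsplit treat a bare host as the netloc
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return False
    if host is None:
        return False
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def flag_redirects(log_text, domain):
    """List (code, setting, url) for R0/R1/O13 entries that point at the domain."""
    flagged = []
    for code, body in parse_entries(log_text):
        parsed = setting_and_url(code, body)
        if parsed and host_matches(parsed[1], domain):
            flagged.append((code, parsed[0], parsed[1]))
    return flagged


if __name__ == "__main__":
    for code, setting, url in flag_redirects(SAMPLE_LOG, "wmmse.com"):
        print(f"{code:4} {setting} -> {url}")
```

The output is a review list only; the script never touches the registry, and entries of other types (O2, O4, O16 and so on) still need to be read by hand.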
Posted by: bascom24
Can someone please help me? I have posted below a copy of my HijackThis log file. I do not see, nor can I find on my computer, any of the files people are usually asked to delete.
Logfile of HijackThis v1.97.7
Scan saved at 8:22:25 PM, on 2/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\tppaldr.exe
C:\Windows\internet.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AIM95\aim.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe
C:\Documents and Settings\Jazzbo\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [SystemExplorer] C:\Windows\internet.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SystemExplorer] C:\Windows\internet.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix: http://wmmse.com/?q=
O13 - WWW Prefix: http://wmmse.com/?q=
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/fil...eCallButton.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
Posted by: redwench
Did you try running a trojan scan and spyware scans first? HijackThis is not for novices.
www.trojanscan.com
www.lavasoft.com
http://security.kolla.de
Posted by: flaire_02
Hi.. I've been searching for a possible remedy for eliminating www.wmmse.com from my Explorer because it irritates me whenever I start my Explorer.. Can you help me? I've also read past posts and I tried downloading and using the HijackThis program..
This was the result. Then tell me what I should do next? Expecting a reply from you ASAP.
Logfile of HijackThis v1.97.7
Scan saved at 7:51:07 PM, on 2/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\APIKEYS\DFOT43W.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWAREPRO\MWPROENG.EXE
C:\PROGRAM FILES\APIKEYS\KBOSDCTL.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\APIKEYS\HKEYCNT.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\WINDOWS\APPLICATION DATA\QGSHEAAB.EXE
C:\WINDOWS\TEMP\FYOF1.TMP
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\CHIKKA\CHIKKA.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wmmse.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wmmse.com/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wmmse.com/?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://wmmse.com/?q=
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\DDM3DIA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Pleasure2] c:\program files\dialers\pleasure2\pleasure2.exe /noconnect
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [APIHotKeys] C:\PROGRA~1\APIKEYS\DFOT43W.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [XXX_Action] c:\program files\dialers\xxx_action\xxx_action.exe /noconnect
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MWProEng] C:\PROGRAM FILES\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [e-DT LAN Sniffer] C:\Program Files\HP\e-DiagTools\edtlancfg.exe OS
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [blstgrss] C:\WINDOWS\APPLIC~1\qgsheaab.exe -QuieT
O4 - HKLM\..\Run: [SystemExplorer] C:\PROGRAM FILES\INTERNET EXPLORER\SYSTEEM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe -init
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SystemExplorer] C:\PROGRAM FILES\INTERNET EXPLORER\SYSTEEM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [MC] C:\WINDOWS\wintrim\WINTRIM.EXE
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [SystemExplorer] C:\PROGRAM FILES\INTERNET EXPLORER\SYSTEEM.EXE
O4 - HKCU\..\Run: [ChikkaIM] C:\Program Files\Chikka\Chikka.exe
O4 - HKCU\..\Run: [Finding Nemo ScreenMate] C:\PROGRAM FILES\FINDING NEMO SCREENMATE\FINDING NEMO SCREENMATE.EXE
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\RunServices: [MC] C:\WINDOWS\wintrim\WINTRIM.EXE
O4 - HKCU\..\RunServices: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\RunServices: [SystemExplorer] C:\PROGRAM FILES\INTERNET EXPLORER\SYSTEEM.EXE
O4 - HKCU\..\RunServices: [ChikkaIM] C:\Program Files\Chikka\Chikka.exe
O4 - HKCU\..\RunServices: [Finding Nemo ScreenMate] C:\PROGRAM FILES\FINDING NEMO SCREENMATE\FINDING NEMO SCREENMATE.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
O4 - Startup: KYESCAN.lnk = C:\Program Files\ScannerU\KYEScan.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O13 - DefaultPrefix: http://wmmse.com/?q=
O13 - WWW Prefix: http://wmmse.com/?q=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7983.6835648148
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/...ndle33v0d12.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Posted by: redwench
You have a lot of spyware on your computer; run Spybot first and get rid of it. Then go here and follow the directions: http://www.computing.net/security/w...forum/8358.html