Author Topic: Windows Office Installer Premium  (Read 10049 times)

Maester

  • Guest
Windows Office Installer Premium
« on: May 01, 2006, 01:05:19 PM »
Sometimes, when on my computer, a message pops up saying "installing microsoft office premium"...it's very annoying, just as annoying as windows fixer, I want to stop it from appearing....but...don't know how to...

I will see if I can get some screenshots and attach them soon.

But, if you know what I am talking about, and don't need them, please can you help.

Thank you all.


GX1_Man

  • Guest
Re: Windows Office Installer Premium
« Reply #1 on: May 01, 2006, 06:27:54 PM »
Do you not have the Office CD to complete the installation?

Are you sure you do not have malware problems?
« Last Edit: May 01, 2006, 06:28:34 PM by GX1_Man »

Maester

  • Guest
Re: Windows Office Installer Premium
« Reply #2 on: May 02, 2006, 05:49:54 AM »
Everything is installed fine.

It just started to pop-up. I don't want to have a premium service or anything. I just want it to go away.

Hope that helps

Maester

  • Guest
Re: Windows Office Installer Premium
« Reply #3 on: May 02, 2006, 12:56:18 PM »
Malware??

Also, can I attach a word doc as an attachment or not.




GX1_Man

  • Guest
Re: Windows Office Installer Premium
« Reply #4 on: May 02, 2006, 08:02:30 PM »
Here's the full drill. Let's make sure that system is clean:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580

(Yes, you can attach a word file to email, post here, etc.)
What are you doing in particular when this pops up?

Maester

  • Guest
Re: Windows Office Installer Premium
« Reply #5 on: May 03, 2006, 11:06:23 AM »
Surfing...doing nothing in particular.

Though it does like myspace a lot more than others...it seems to pop-up in myspace a lot.


dl65

  • R.I.P.


  • Prodigy

    Thanked: 18
    Re: Windows Office Installer Premium
    « Reply #6 on: May 03, 2006, 01:54:30 PM »
    Maester....  You have nasties in residence .......... perhaps in the form of a trojan........  A HijackThis log file will reveal that ......... post one here and we can have a look at it for you .
    HijackThis ......   http://hijack-this.net/

    dl65  ::)
    If you don't know the answer, it isn't a dumb question.

    dl65

    • R.I.P.


    • Prodigy

      Thanked: 18
      Re: Windows Office Installer Premium
      « Reply #7 on: May 03, 2006, 06:28:50 PM »
      Maester....Hi , I can understand your concern re security , however the HijackThis log ....... only contains .....your operating system , what's running on your machine ..... there is no personal information in that log file ......

      dl65  ::)
      If you don't know the answer, it isn't a dumb question.

      Maester

      • Guest
      Re: Windows Office Installer Premium
      « Reply #8 on: May 04, 2006, 05:50:10 AM »
      Ok.

      Once I get home (not home right now)

      Will upload the log.


      Maester

      • Guest
      Re: Windows Office Installer Premium
      « Reply #9 on: May 05, 2006, 02:54:09 PM »
      Here is my log. It's long:



      Logfile of HijackThis v1.99.1
      Scan saved at 17:15:04, on 04/05/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Apps\ActivBoard\nhksrv.exe
      C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      C:\WINDOWS\Z3JhaGFt\command.exe
      C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\wanmpsvc.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\FSI\F-Prot\F-StopW.EXE
      C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
      C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
      C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
      C:\Program Files\Network\ipnetwork.exe
      C:\WINDOWS\system32\spytiqwuy.exe
      C:\WINDOWS\system32\EAEBF1ECF3F3F4.exe
      C:\WINDOWS\system32\fqxz9h.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\CheckS02.exe
      C:\WINDOWS\win32101-139855606.exe
      C:\mousepad16.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\PROGRA~1\COMMON~1\wrok\wrokm.exe
      C:\Program Files\EQBranch\EQBranch.exe
      C:\Program Files\PECarlin\PECarlin.exe
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\DOCUME~1\rich\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
      C:\WINDOWS\system32\msiexec.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://images.google.com/imgres?imgurl=www.tagesschau.de/styles/container/image/style_images_default/0,1984,OID1252362,00.jpg&imgrefurl=http://www.tagesschau.de/aktuell/meldungen/0,2044,OID1252328,00.html&h=240&w=420&prev=/images%3Fq%3Dharry%2B
      R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
      O2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
      O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
      O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
      O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
      O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
      O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
      O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [5D5E645F6666676B] EAEBF1ECF3F3F4.exe
      O4 - HKLM\..\Run: [w027b102.dll] RUNDLL32.EXE w027b102.dll,I2 0005d3190027b102
      O4 - HKLM\..\Run: [adstart] iexplore.exe http://__adstart
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
      O4 - HKLM\..\Run: [win32101-139855606] C:\WINDOWS\win32101-139855606.exe
      O4 - HKLM\..\Run: [newname] C:\\newname16.exe
      O4 - HKLM\..\Run: [mousepad] C:\\mousepad16.exe
      O4 - HKLM\..\Run: [keyboard] C:\\keyboard16.exe
      O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
      O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
      O4 -

      Maester

      • Guest
      Re: Windows Office Installer Premium
      « Reply #10 on: May 05, 2006, 02:54:47 PM »
      O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
      O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
      O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
      O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
      O4 - HKCU\..\Run: [wrok] C:\PROGRA~1\COMMON~1\wrok\wrokm.exe
      O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
      O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
      O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
      O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
      O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
      O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: GreatDownloads - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\daz\Application Data\GreatDownloads.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O12 - Plugin for τε: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.240:8000/Java/cfs40320.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
      O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.windupdates.com/cab/180solutions/ie/bridge-c424.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D18E320B-2085-4529-8187-C4D352C13BD6}: NameServer = 80.225.252.58 80.225.252.50
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Filter: text/html - {7B1EE13A-FE1E-48B0-AC2C-8ACC5E3BB7CB} - C:\WINDOWS\system32\fpdrnznx.dll
      O20 - AppInit_DLLs: repairs303169578.dll
      O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\f2j2lc1o1f.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3JhaGFt\command.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C
      « Last Edit: May 05, 2006, 02:55:43 PM by Maester »

      dl65

      • R.I.P.


      • Prodigy

        Thanked: 18
        Re: Windows Office Installer Premium
        « Reply #11 on: May 06, 2006, 12:06:14 AM »
        Maester.....Ok ...... you should remove this entry manually .....

        C:\WINDOWS\Z3JhaGFt\command.exe  
        C:\WINDOWS\CheckS02.exe  ....remove this as well unless you know what it is

        Use hijackthis to remove the following :

        R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

        O2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dll

        O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

        O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

        O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

        O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm    

        O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm    

        O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm  

        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)    

        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

        O9 - Extra button: GreatDownloads - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\daz\Application Data\GreatDownloads.exe (file missing)

        O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab

        O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.windupdates.com/cab/180solutions/ie/bridge-c424.cab

        O17 - HKLM\System\CCS\Services\Tcpip\..\{D18E320B-2085-4529-8187-C4D352C13BD6}: NameServer = 80.225.252.58 80.225.252.50    
         
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)  

        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3JhaGFt\command.exe

        Make sure you mark all the above for removal and then click on fix marked ......

        There are a number of other questionable entries which may also have to be removed , but let's start with the ones listed ........

        I also notice you are using "about blank" in the R1 entries ....... is this what you have set ?

        After you have removed the above , post a new log file and we can see what's happening .

        dl65  ::)

        If you don't know the answer, it isn't a dumb question.

        Maester

        • Guest
        Re: Windows Office Installer Premium
        « Reply #12 on: May 06, 2006, 08:49:45 AM »
        C:\WINDOWS\Z3JhaGFt\command.exe  
        C:\WINDOWS\CheckS02.exe  ....remove this as well unless you know what it is

        Those two I can't get rid of. The computer I used is shared; basically, there is more than one password. I am not the admin on it, maybe that will help. If I have to, I will go onto the admin settings on the computer.

        Now, I deleted the other ones you told me about.

        The "about blank". Well, when I have been starting up my computer, an internet window has tried to load up each time (won't work as I am not connected to the net yet). About Blank pop-ups. R1 entries. I don't understand these "R"'s and "O"'s.

        I admit, there are some entries that look fishy.

        It's safe to say my computer is in need of a serious cleanup, correct?


        Maester

        • Guest
        Re: Windows Office Installer Premium
        « Reply #13 on: May 06, 2006, 08:52:17 AM »
        Here is my new log:

        Logfile of HijackThis v1.99.1
        Scan saved at 15:37:01, on 06/05/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Apps\ActivBoard\nhksrv.exe
        C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
        C:\WINDOWS\Z3JhaGFt\command.exe
        C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
        c:\program files\mcafee.com\agent\mcdetect.exe
        c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
        c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
        C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
        C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
        C:\WINDOWS\wanmpsvc.exe
        c:\PROGRA~1\mcafee.com\vso\mcshield.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\FSI\F-Prot\F-StopW.EXE
        C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
        c:\program files\mcafee.com\agent\mcagent.exe
        c:\progra~1\mcafee.com\vso\mcvsescn.exe
        C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
        C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
        C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
        C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
        C:\Program Files\Network\ipnetwork.exe
        C:\WINDOWS\system32\spytiqwuy.exe
        C:\WINDOWS\system32\EAEBF1ECF3F3F4.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\CheckS02.exe
        C:\WINDOWS\win32101-139855606.exe
        C:\WINDOWS\system32\fqxz9h.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\PROGRA~1\COMMON~1\wrok\wrokm.exe
        C:\Program Files\PECarlin\PECarlin.exe
        c:\progra~1\mcafee.com\vso\mcvsftsn.exe
        C:\DOCUME~1\rich\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
        C:\Program Files\AXVenore\AXVenore.exe
        C:\Program Files\FCAdvice\FCAdvice.exe
        C:\Program Files\Internet Explorer\iexplore.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://images.google.com/imgres?imgurl=www.tagesschau.de/styles/container/image/style_images_default/0,1984,OID1252362,00.jpg&imgrefurl=http://www.tagesschau.de/aktuell/meldungen/0,2044,OID1252328,00.html&h=240&w=420&prev=/images%3Fq%3Dharry%2B
        R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
        O2 - BHO: (no name) - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - (no file)
        O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
        O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmowbw.dll
        O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
        O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
        O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
        O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
        O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
        O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
        O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
        O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
        O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
        O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
        O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
        O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
        O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
        O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
        O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [5D5E645F6666676B] EAEBF1ECF3F3F4.exe
        O4 - HKLM\..\Run: [w027b102.dll] RUNDLL32.EXE w027b102.dll,I2 0005d3190027b102
        O4 - HKLM\..\Run: [adstart] iexplore.exe http://__adstart
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
        O4 - HKLM\..\Run: [win32101-139855606] C:\WINDOWS\win32101-139855606.exe
        O4 - HKLM\..\Run: [newname] C:\\newname16.exe
        O4 - HKLM\..\Run: [mousepad] C:\\mousepad16.exe
        O4 - HKLM\..\Run: [keyboard] C:\\keyboard16.exe
        O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
        O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup

        Maester

        • Guest
        Re: Windows Office Installer Premium
        « Reply #14 on: May 06, 2006, 08:53:09 AM »
        Here is my new log:

        O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
        O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
        O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
        O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
        O4 - HKCU\..\Run: [wrok] C:\PROGRA~1\COMMON~1\wrok\wrokm.exe
        O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
        O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
        O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
        O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
        O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O12 - Plugin for τε: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
        O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.240:8000/Java/cfs40320.cab
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
        O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
        O18 - Filter: text/html - {7B1EE13A-FE1E-48B0-AC2C-8ACC5E3BB7CB} - C:\WINDOWS\system32\fpdrnznx.dll
        O20 - AppInit_DLLs: repairs303169578.dll
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3JhaGFt\command.exe
        O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
        O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
        O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
        O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
        O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
        O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
        O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
        O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
        O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
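
Added example (not part of the original thread, and not code from HijackThis or the forum helpers): one way to check whether a "fix marked" pass took effect is to diff the entry lines of the before and after logs. The sample lines are excerpted from the logs and fix list posted above; the function names, the CLSID-based keying and the result categories are this example's own assumptions.

```python
import re

# "R3 - ...", "O4 - ...", "O23 - ..." entry lines; anything else is skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the first log (Reply #9), including its truncated "O4 -" line.
BEFORE = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 -
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3JhaGFt\command.exe
"""

# Excerpt of the follow-up log (Replies #13 and #14).
AFTER = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - (no file)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmowbw.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3JhaGFt\command.exe
"""

# Excerpt of the entries Reply #11 asked to have fixed.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Z3JhaGFt\command.exe
"""


def parse_entries(log_text):
    """Return {key: body} for each entry line; headers and process paths are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, or a cut-off line such as "O4 -"
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        if clsid:
            # Key COM-based entries on kind + CLSID so a renamed or file-less
            # registration still lines up with its earlier form.
            kind = body.split(":", 1)[0].lower()
            ident = kind + "|" + clsid.group(0).upper()
        else:
            ident = body.lower()  # path case differs between scans
        entries[(code, ident)] = body
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added, changed or unchanged between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    report = {"removed": [], "added": [], "changed": [], "unchanged": []}
    for key, body in before.items():
        if key not in after:
            report["removed"].append(body)
        elif after[key].lower() != body.lower():
            report["changed"].append((body, after[key]))
        else:
            report["unchanged"].append(body)
    report["added"] = [body for key, body in after.items() if key not in before]
    return report


def still_present(fix_list_text, after_text):
    """Entries marked for fixing that still show up (in any form) in the new log."""
    after = parse_entries(after_text)
    return [after[key] for key in parse_entries(fix_list_text) if key in after]


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for status in ("removed", "added", "changed"):
        for item in report[status]:
            print(status.upper(), item)
    for body in still_present(FIX_LIST, AFTER):
        print("STILL PRESENT", body)
```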