key board virus

Question

SilverOne 0 Newbie Poster

18 Years Ago

Hello

i have a keyboard virus that changes the keys here is an exempe:
ei hv3ei k3eiuyvbotrd veitr6uys 4trh4tr chng3eis 4trh3ei k3eiuys

this message was written with keyboard on scrreen, i researched but it and scannedwith hijackthis here s the log, please help.

sry if iwritten something wrong its hard to write.

Logfile of HijackThis v1.99.1
Scan saved at 3:16:06, on 20-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\TGTSoft\StyleXP\StyleXPService.exe
D:\Programas\DigitalPersona\Bin\DPWinLct.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\AntiVir PersonalEdition Classic\sched.exe
D:\Programas\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\ATKKBService.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
D:\Programas\DigitalPersona\Bin\DpHost.exe
D:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programas\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Programas\DigitalPersona\Bin\DPFUSMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Programas\Creative\Shared Files\Module Loader\DLLML.exe
D:\Programas\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Programas\Logitech\Video\LogiTray.exe
D:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
D:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
D:\WINDOWS\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\Programas\MessengerPlus! 3\MsgPlus.exe
D:\Programas\Java\jre1.5.0_06\bin\jusched.exe
D:\Programas\DAEMON Tools\daemon.exe
D:\Programas\QuickTime\qttask.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programas\DigitalPersona\Bin\DPAgnt.exe
D:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
D:\Programas\AGEIA Technologies\TrayIcon.exe
D:\Programas\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programas\Logitech\Video\FxSvr2.exe
D:\Programas\Creative\MediaSource\Detector\CTDetect.exe
D:\programas\steam\steam.exe
D:\Programas\Messenger\msmsgs.exe
D:\Programas\Microsoft ActiveSync\wcescomm.exe
D:\Programas\Sprite Software\Sprite Backup\SpriteService.exe
D:\Programas\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Programas\Logitech\SetPoint\KEM.exe
D:\Programas\Creative\ShareDLL\CADI\NotiMan.exe
D:\Programas\Logitech\SetPoint\KHALMNPR.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Programas\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Programas\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\Rar$EX10.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - D:\WINDOWS\system32\Audiodevs.dll (file missing)
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programas\Ficheiros comuns\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Great Offers Displayer - {CE05B815-6F98-4ADD-AEB7-60BB2D4264F1} - c:\windows\bh.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator

"D:\Programas\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTDVDDET] "D:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "D:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "D:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogonStudio] "D:\Programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Programas\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SeePassword] D:\Programas\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPAgnt] D:\Programas\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [4028202b.exe] D:\WINDOWS\system32\4028202b.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] D:\Programas\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Programas\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Steam] "d:\programas\steam\steam.exe" -silent
O4 - HKCU\..\Run: [STYLEXP] D:\Programas\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "D:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIP] D:\WINDOWS\aip.exe
O4 - HKCU\..\Run: [HOTASMode] "D:\Programas\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BW
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Hide IP Platinum] D:\Programas\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [SpriteService] "D:\Programas\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] D:\Programas\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Trust Cleaner] "D:\Programas\Trust Cleaner\Trust Cleaner.exe"
O4 - HKCU\..\Run: [4028202b.exe] D:\Documents and Settings\Administrador\Definições locais\Application Data\4028202b.exe
O4 - HKCU\..\Run: [SSS2006] "D:\Programas\Steganos Security Suite 2006\SSS2006.exe" -boot
O4 - HKCU\..\Run: [msnmsgr] "D:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] D:\Programas\Ficheiros comuns\Adobe\Updater\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = D:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programas\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download All by FlashGet - D:\Programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

D:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} -

D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} -

D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -

https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{667316D1-7FF9-4FF6-BC93-FA09D876066D}: NameServer = 194.65.100.117,194.65.5.2
O18 - Protocol: bw+0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: DPWLN - D:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programas\AntiVir

PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programas\AntiVir PersonalEdition

Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - D:\Programas\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - D:\Programas\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programas\Ficheiros

comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programas\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file

missing)
O23 - Service: StyleXPService - Unknown owner - D:\Programas\TGTSoft\StyleXP\StyleXPService.exe

windows-virus

4 Contributors
10 Replies
400 Views
4 Days Discussion Span
Latest Post 18 Years Ago Latest Post by SilverOne

John A 1,896 Vampirical Lurker

18 Years Ago

Do you really think that everyone wants to read all that? I know you're trying to be helpful, but sometimes it's best that you do some research first, not just dump a huge log file at us.

Here are the links I found on Google (and tips on how to remove it):
http://vil.nai.com/vil/content/v_669.htm
http://www.help2go.com/component/option,com_forum/Itemid,32/page,viewtopic/t,9709/view,previous/

Hope this helps

DMR 152 Wombat At Large

18 Years Ago

1.

this message was written with keyboard on scrreen

I'm not sure what you're trying to say there; can you clarify please?

2. Uninstall the Logitech Desktop Meesenger through your Add/Remove Programs control panel. The LDM program's primary job is to automatically check for online updates for your Logitech devices. Not only do you not need it running, but it really clutters up HijackThis logs, as you can see in your log.

Also uninstall any/all of the following bogus/malicious programs if they exist:

Trust Cleaner
TrustIn Bar
TrustIn Contextual Ads
Trustin Popups
TrustIn Search Assistant
Trust Cleaner Promo
Hotbar Web Tools
Hotbar Outlook Tools
Shopper Reports by Hotbar

3. Your log also has abnormal like breaks in it which make it difficult to read. Please post the contents of your next log by opening the HijackThis.log file in Windows Notepad, choosing "Select all" from the Edit menu, and then "Copy" from the Edit menu. If you paste that content into your posts here, it should format correctly.

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

4. Open your antivirus program and download/install its most current updates. Don't run a scan with the program yet, though.

5. Download the following utilities and save them to your desktop or another convenient folder:

ATF-Cleaner
ewido Anti-spyware (30-day trial version)

* Install and Configure ewido:

Close all other Applications and then run the ewido installer
Select language click Ok
Click I Agree
Click next
Click Install
Click Finish
Wait Ewido will open main screen automatically.
Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
It is very important to get the updates
When updating has finished, close Ewido.

6. Close all open programs/windows, including web browsers. Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:

O4 - HKLM\..\Run: [4028202b.exe] D:\WINDOWS\system32\4028202b.exe
O4 - HKCU\..\Run: [AIP] D:\WINDOWS\aip.exe O4 - HKCU\..\Run: [Trust Cleaner] "D:\Programas\Trust Cleaner\Trust Cleaner.exe"
O4 - HKCU\..\Run: [4028202b.exe] D:\Documents and Settings\Administrador\Definições locais\Application Data\4028202b.exe
O4 - HKCU\..\Run: [LDM] D:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} -
D:\Programas\ShopperReports\Bin\2.0.0\ShprRprt.dll
O18 - Protocol: bw+0 - {8EADD250-C2D9-40D6-8A74-05C962231FCF} - D:\Programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
(Check all of the Logitech Desktop Messenger entries if they still exist!)

Close HijackThis after the fixes complete.

7. Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Log in to the Administrator account.

Once booted in to Safe Mode:

8. Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

9. Run a full system scan with your antivirus program; have it fix all malicious items it finds.

10. Open ewido

Click on scanner at the top of the Ewido sceen
Click on Settings
Under How to Act click on Recommended Action choose Delete.
Under How to scan, all boxes should be selected
Under Possibly unwanted software, all boxes should be selected
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan, select scan every file
Clickon the Scan Tab
Click on Complete system scan
Let the program scan the machine It can take awhile give it time.
When scan has finished At bottom of screen click Apply all Actions
Click Save report
Click Save Report as (Save as window's screen should pop up.)
Click desktop
Click Save
Exit ewido

11. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files if they still exist:

D:\WINDOWS\system32\4028202b.exe
D:\WINDOWS\aip.exe
D:\Documents and Settings\Administrador\Definições locais\Application Data\4028202b.exe

- Delete the following folders entirely:

D:\Programas\Trust Cleaner
D:\Programas\ShopperReports

12. Empty your Recycle Bin and reboot normally.

13. Run HijackThis again, and post the new log. Also post the log that ewido generated.

DMR 152 Wombat At Large

18 Years Ago

Do you really think that everyone wants to read all that? I know you're trying to be helpful, but sometimes it's best that you do some research first, not just dump a huge log file at us.

Actually, the logs are very helpful, because a user is very rarely infected with only one piece of malware SilverOne's HJT log is a case in point; there are at least two separate, distinct malware infections indicated in that log. This is something we would not have known from the poster's description of the problem alone.

Also- I'd ask you to read through your response as a whole. It's a bit brusque, especially when directed at someone who is posting here for the first time.

.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

super_he_man 0 Newbie Poster · Answer 1 · 2006-08-20T12:37:17+00:00

this message was written with keyboard on scrreen
I'm not sure what you're trying to say there; can you clarify please?

i think he was refrencing to the On-Screen keyboard

on windows its under all programs -> Accesories -> Accessibility

i've used it a couple times when my keyboards went out, hard to type correctly

SilverOne 0 Newbie Poster · Answer 2 · 2006-08-21T08:42:40+00:00

i apreciate your help dmr, i got basicly all keys working, except A - caps - shift - ; - escape.... , i did what you told me and here is the ewido log.

plaese view with internet explorer , firefox didn't mange to open the whole pge, i'm truly sorry for this.

plese view with internet explorer... else you wont see the whole pge, i'm truly sorry for this.

also downhere on the ewido i see web sites that i have never visited ... why does this appens ?

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:23:49 21-09-2006
+ Scan result:

C:\back\Programas\e-zshopper\CompBar.dll -> Adware.ActivShopper : No action taken.
HKLM\SOFTWARE\Classes\Interface\{60D3A642-0B03-46AD-B8B0-8D45989A0055} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{81CDDAE8-3B92-4F0D-86C1-8DD5DB6A8471} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{8C88AAE2-A341-4DE8-B064-062194307E5F} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{C28EB22A-6966-4E4B-8592-E84C28D38402} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{506146FD-9499-49A8-AEDE-692C173B2AA4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{B1C54189-72F0-4353-987B-18FA221BEF09} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{EFA1EC0F-8359-41B7-A178-7DD6805A0C79} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{FEBB9141-2FF9-4FC8-BA91-1CE79DDE25CF} -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D4C7057-EAD2-44C6-AD18-9092905F28F1} -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\Contextual Ads -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\Search Results Spoofer -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\Search Results Spoofer\se -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1000_gayvideosxxx.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1001_hisfirstfacial.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1002_hisfirstgaysex.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1003_hisfirsthugecock.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1004_malesupersite.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1005_ohboys.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1006_musclemenxxx.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1007_twinksforcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1008_bestmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1009_ondemandamateurmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\100_landofmen.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1010_ondemandanalmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1011_ondemandbigcockmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1012_ondemandbigtitmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1013_ondemandblowjobmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1014_ondemandcumshotmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1015_ondemandbroadbandmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1016_ondemandethnicmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1017_ondemandfetishmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1018_ondemandgangbangmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1019_ondemandgaymovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\101_singlegaymales.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1020_ondemandherfirstmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1021_ondemandinterracialmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1022_ondemandlesbianmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1023_ondemandmilfmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1024_ondemandpornstarmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1025_ondemandpublicmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1026_ondemandrealitymovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1027_ondemandshemalemovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1028_ondemandteenmovies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1029_adwareremovergold.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\102_monstergaycocks.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1030_datashreddergold.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1031_emailspamblock.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1032_evidencecleanergold.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1033_extractorandburner.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1034_modemspeedbooster.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1035_pcspeedbooster.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1036_referral.topbucks.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1037_referral.gay.topbucks.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1038_referral.vod.topbucks.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1039_referral.mainstream.topbucks.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\103_twinkoverdose.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1040_icoonet.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1041_icoonet.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1042_freexdvd.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1043_freexdvd.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1044_icoodvd.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1045_icoodvd.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1046_terabyteofporn.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1047_terabyteofporn.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1048_xxxreactor.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1049_xxxreactor.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\104_largecash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1050_analmatureorgies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1051_bigtitsmatures.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1052_boysandmom.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1053_boysfistmoms.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1054_boystrymoms.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1055_deepmomsholes.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1056_drunkteensorgies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1057_homebondage.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1058_lesbimatureorgies.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1059_maturehomevideos.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\105_accessfreeporn.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1060_momsfuckguys.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1061_momsgirlsboys.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1062_momsinsperm.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1063_momsgolesbi.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1064_momslessons.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1065_momsseduceboys.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1066_momstryanal.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1067_nylonandtoys.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1068_nyloncharm.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1069_nylonstrapon.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\106_cover-my-tracks.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1070_olderssperminteens.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1071_oldiez.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1072_peeyoung.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1073_pissingbondage.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1074_russianteachers.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1075_siberianbondage.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1076_watersportz.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1077_getrightporn.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1078_getrightcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1079_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\107_adultfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1080_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1081_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1082_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1083_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1084_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1085_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1086_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1087_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1088_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1089_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\108_adultfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1090_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1091_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1092_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1093_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1094_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1095_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1096_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1097_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1098_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1099_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\109_adultfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\10_stan1.dudesonline.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1100_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1101_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1102_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1103_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1104_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1105_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1106_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1107_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1108_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1109_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\110_alt.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1110_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1111_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1112_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1113_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1114_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1115_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1116_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1117_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1118_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1119_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\111_friendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1120_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1121_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1122_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1123_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1124_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1125_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1126_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1127_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1128_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1129_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\112_outpersonals.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1130_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1131_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1132_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1133_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1134_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1135_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1136_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1137_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1138_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1139_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\113_gayfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1140_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1141_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1142_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1143_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1144_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1145_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1146_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1147_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1148_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1149_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\114_seniorfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1150_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1151_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1152_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1153_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1154_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1155_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1156_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1157_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1158_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1159_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\115_amigos.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1160_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1161_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1162_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1163_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1164_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1165_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1166_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1167_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1168_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1169_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\116_asiafriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1170_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1171_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1172_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1173_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1174_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1175_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1176_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1177_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1178_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1179_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\117_indianfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1180_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1181_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1182_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1183_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1184_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1185_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1186_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1187_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1188_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1189_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\118_filipinofriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1190_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1191_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1192_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1193_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1194_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1195_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1196_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1197_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1198_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1199_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\119_koreanfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\11_stan1.fuckspy.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1200_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1201_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1202_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1203_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1204_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1205_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1206_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1207_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1208_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1209_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\120_germanfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1210_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1211_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1212_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1213_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1214_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1215_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1216_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1217_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1218_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1219_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\121_frenchfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1220_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1221_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1222_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1223_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1224_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1225_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1226_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1227_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1228_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1229_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\122_italianfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1230_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1231_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1232_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1233_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1234_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1235_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1236_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1237_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1238_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1239_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\123_bigchurch.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1240_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1241_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1242_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1243_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1244_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1245_free.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1246_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1247_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1248_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1249_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\124_jewishfriendfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1250_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1251_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1252_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1253_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1254_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1255_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1256_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1257_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1258_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1259_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\125_cams.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1260_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1261_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1262_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1263_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1264_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1265_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1266_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1267_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1268_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1269_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\126_cumtv.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1270_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1271_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1272_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1273_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1274_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1275_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1276_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1277_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1278_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1279_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\127_camboyslive.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1280_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1281_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1282_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1283_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1284_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1285_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1286_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1287_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1288_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1289_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\128_cams.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1290_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1291_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1292_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1293_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1294_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1295_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1296_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1297_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1298_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1299_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\129_dine.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\12_stan1.grannyfucking.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1300_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1301_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1302_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1303_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1304_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1305_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1306_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1307_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1308_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1309_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\130_gradfinder.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1310_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1311_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1312_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1313_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1314_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1315_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1316_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1317_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1318_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1319_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\131_guanxi.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1320_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1321_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1322_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1323_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1324_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1325_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1326_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1327_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1328_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1329_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\132_slim.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1330_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1331_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1332_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1333_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1334_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1335_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1336_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1337_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1338_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1339_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\133_nicecards.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1340_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1341_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1342_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1343_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1344_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1345_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1346_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1347_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1348_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1349_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\134_nudecards.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1350_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1351_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1352_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1353_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1354_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1355_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1356_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1357_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1358_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1359_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\135_passion.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1360_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1361_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1362_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1363_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1364_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1365_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1366_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1367_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1368_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1369_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\136_Sharerent.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1370_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1371_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1372_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1373_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1374_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1375_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1376_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1377_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1378_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1379_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\137_moviepartnership.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1380_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1381_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1382_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1383_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1384_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1385_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1386_programs.wegcash.com -> Adware.Generic : No action taken.
HKU\S-1-5-21-1085031214-879983540-839522115-500\Software\TrustIn\URL Changer\1387_programs.wegcash.com -> Adware.Generic :

DMR 152 Wombat At Large Team Colleague · Answer 3 · 2006-08-21T09:12:04+00:00

plaese view with internet explorer , firefox didn't mange to open the whole pge, i'm truly sorry for this.

No worries; it's not your fault. We've found that FireFox chokes on threads with long log files in them, but we haven't figured out why it happens.

* Your ewido log lists "No action taken" for all of the entries it found , even though my instructions had you set ewido's Recommended Action to "Delete". Do you have any idea what happened there?

You'll need to follow the instructions in my previous post again, making sure that ewido actually fixes the items it finds this time.
Post the new ewido and HJT logs after that, and feel free to ask if you have any problems with the procedure.

SilverOne 0 Newbie Poster · Answer 4 · 2006-08-21T09:16:47+00:00

hmm actualy i did ... i just saved it before i deleted anything at all, i deleted evreything it found, i'm sorry for not saving it after.

it didn't fix anything ... it deleted evreything it found.

lso i just found new entries of tht big 48...b.exe , i deleted them on hijck this.

SilverOne 0 Newbie Poster · Answer 5 · 2006-08-24T04:03:42+00:00

DMR. i managed to delete the virus with msconfig and hijack this by unchecking some random craps that were lagin up my sistem there..

i'm very pleased for your help, thank you.

Bye

DMR 152 Wombat At Large Team Colleague · Answer 6 · 2006-08-24T11:04:02+00:00

Sorry for my delay in responding. I'm glad you got rid of the symptoms, but could you post another HijackThis log for me to review, please? Considering that ewido hadn't actually fixed anything and that your last HJT log did still have malicious entries in it, I'd like to make sure that there are no lingering traces of the malware.
Thanks.

SilverOne 0 Newbie Poster · Answer 7 · 2006-08-24T20:06:46+00:00

hmmm i installed a new windows on my other disk, just becouse after i got the virus out i started to uninstall antivirus and the sistem just crashed :evil: .

i haven't installed an antivirus i'm builting up my system, besides i'm having trouble with creative xfy, since it crashed while i was installing it ( after alot of trouble and testing ) i managed to get it not to crash on windows startup, however it runs know and i do hear sound from it.... but the creative software doesnt dectect the hardware.. i hope there is an software update for this out there (about to search).

if you still want the log here it is ( of the new sys ofcourse ).

Logfile of HijackThis v1.99.1
Scan saved at 15:03:54, on 24-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programas\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\DigitalPersona\Bin\DPAgnt.exe
C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Microsoft ActiveSync\wcescomm.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Creative\MediaSource\Detector\CTDetect.exe
C:\Programas\Creative\MediaSource\Go\CTCMSGo.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Logitech\SetPoint\KEM.exe
C:\Programas\Logitech\SetPoint\KHALMNPR.EXE
D:\Programas\Steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
D:\hjt\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programas\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPAgnt] C:\Programas\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Programas\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: steam.lnk = D:\Programas\Steam\steam.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA995485-F1B3-4A88-BFD6-536DF0C90A5C}: NameServer = 10.0.0.138,10.2.3.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programas\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programas\DigitalPersona\Bin\DpHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe