Sponsored By

crazyJoe

Members
  • Content Count

    14
  • Joined

  • Last visited

About crazyJoe

  • Rank
    Member
  1. crazyJoe

    Hijack Log - Needs Help

    Much better, Thanks.
  2. crazyJoe

    Hijack Log - Needs Help

    Logfile of HijackThis v1.99.1 Scan saved at 10:18:57 PM, on 7/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\wuauclt.exe C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  3. crazyJoe

    Hijack Log - Needs Help

    Logfile of HijackThis v1.99.1 Scan saved at 7:21:45 PM, on 7/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll (file missing) O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing) O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe /////////////// VundoFix V6.4.1 Checking Java version... Scan started at 1:40:11 PM 6/3/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.4.1 Checking Java version... Scan started at 8:53:28 PM 6/4/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.4.1 Checking Java version... Scan started at 9:24:05 AM 6/8/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.4.1 Checking Java version... Scan started at 1:49:16 PM 6/8/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.4.1 Checking Java version... Scan started at 4:57:55 PM 6/30/2007 Listing files found while scanning.... C:\WINDOWS\system32\awtss.dll C:\WINDOWS\system32\sstwa.bak1 C:\WINDOWS\system32\sstwa.bak2 C:\WINDOWS\system32\sstwa.ini C:\WINDOWS\system32\sstwa.ini2 VundoFix V6.4.1 Checking Java version... Scan started at 6:55:46 PM 7/11/2007 Listing files found while scanning.... No infected files were found.
  4. crazyJoe

    Hijack Log - Needs Help

    Logfile of HijackThis v1.99.1 Scan saved at 11:21:57 AM, on 6/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe E:\Program Files\iTunes\iTunesHelper.exe C:\Documents and Settings\All Users\Application Data\xiladgte.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\scchk32.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {15121244-9A9B-415A-8902-559BF75BC4D9} - C:\WINDOWS\system32\awtss.dll O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [xiladgte.exe] C:\Documents and Settings\All Users\Application Data\xiladgte.exe O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\lcoyajfo.dll",forkonce O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
  5. crazyJoe

    Hijack Log - Needs Help

    Incident Status Location Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\SMDAT32M.SYS Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat Adware:adware/winad Not disinfected c:\program files\Winad Client Adware:adware/elitebar Not disinfected C:\Documents and Settings\default\Favorites\Finances & Business Adware:adware/wupd Not disinfected Windows Registry Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM Adware:adware/dyfuca Not disinfected Windows Registry Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Adware:adware/comet Not disinfected Windows Registry Adware:adware/statblaster Not disinfected Windows Registry Virus:Trj/Downloader.OZB Not disinfected C:\WINDOWS\SYSTEM32\GSAIIJKJ.EXE[DDC.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NIRCMD.EXE Adware:Adware/Lop Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.131 Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.048 Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\FavoriteLinks.dll.066 Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\FreeSamples.dll.041 Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Music.dll.023 Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Network.dll.062 Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\System.dll.088 Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Update.dll.066 Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.074 Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.044 Adware:Adware/Zango Not disinfected C:\Program Files\Mozilla Firefox\PLUGINS\NPCLNTAX.DLL Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\A1VirusTools\ComboFix.exe[ComboFixT\nircmd.exe] Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fhuxqrid.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ntouftsl.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nwyehhig.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\savlmilo.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\uvreqkva.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wirlpctd.dll.bad Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cbxuurp.dll.bad Spyware:Spyware/New.net Not disinfected C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_84.exe.vir Virus:Trj/Downloader.ORT Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\csycqfyp.dll.vir Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gdefgmjm.dll.vir Virus:Trj/Downloader.ORT Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oyhfpdoy.dll.vir Spyware:Cookie/Go Not disinfected C:\FOUND.010\FILE0000.CHK Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0000.CHK Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0001.CHK Spyware:Cookie/Go Not disinfected C:\FOUND.012\FILE0000.CHK Virus:Trj/Agent.FOX Disinfected C:\Documents and Settings\All Users\Application Data\YPWFKZUP.EXE Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Profiles\CLANSZ\TITSHPRY.SLT\COOKIES.TXT[.xiti.com/] Spyware:Cookie/Target Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Profiles\Default User\RAC5RH9Z.SLT\COOKIES.TXT[.target.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.statcounter.com/] Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[www.winantiviruspro.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.apmebf.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.go.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.atwola.com/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.bravenet.com/] Virus:Trj/Downloader.OJF Disinfected C:\Documents and Settings\Collin\Local Settings\Temp\win1C.tmp.exe Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Collin\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Collin\Start Menu\Programs\Startup\PowerReg Scheduler.exe Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rachel\Application Data\Netscape\NSB\Profiles\ygvctc98.default\COOKIES.TXT[.terra.com.br/] Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Rachel\Application Data\Netscape\NSB\Profiles\ygvctc98.default\COOKIES.TXT[.i.screensavers.com/]
  6. crazyJoe

    Hijack Log - Needs Help

    OK, finally got the report from Safe Mode. Would it help to see the Normal Mode scan at this time ? --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:56:28 AM 6/19/2007 + Scan result: :mozilla.33:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.34:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.52:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.54:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.55:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.56:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.57:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.85:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.69:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.70:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.71:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.72:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.73:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.74:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.75:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.76:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.77:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.31:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Collin\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.79:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.80:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.81:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.82:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.83:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.84:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.98:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.99:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.115:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.43:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.48:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.49:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.50:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned. :mozilla.22:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.26:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. C:\Documents and Settings\Collin\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned. :mozilla.6:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.86:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.87:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.88:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.89:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.90:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.91:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.92:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.93:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.94:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.124:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.100:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.101:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.102:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.34:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.35:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.36:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.37:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end
  7. crazyJoe

    Hijack Log - Needs Help

    Did all suggestions including -> Select "Automatically generate report after every scan". After the scan was completed, selected " Apply all actions", selected "Reports", but the reports page showed "none available." Looks like the AVG scan reported several items including tracking cookies, etc. Any suggestions at this point ? By the way, The AVG version shows "7.5.1.43 trial" Thanks
  8. crazyJoe

    Hijack Log - Needs Help

    From the UploadMalware.com site : Your file (ypwfkzup.exe) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file. The file you tried to upload was 0 Bytes or something prevented it from being uploaded. If someone requested you upload the file please let them know.Your file (gsaiijkj.exe) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file. Your file (avjdrupo.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file. Your file (qhyfhewr.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file. Your file (xjs.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file. Could not locate: C:\WINDOWS\System32\dllcache\hwxjpn.dll
  9. crazyJoe

    Hijack Log - Needs Help

    WinPFind logfile created on: 6/9/2007 6:28:03 PM WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\default\Desktop\WinPFind\ »»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600 Internet Explorer Version: 7.0.5730.11 »»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»» 319.30 Mb Total Physical Memory | 192.35 Mb Available Physical Memory | 60.24% Memory free 774.13 Mb Paging File | 712.59 Mb Available in Paging File | 92.05% Paging File free Paging file location(s): C:\pagefile.sys 480 960; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19.00 Gb Total Space | 3.46 Gb Free Space | 18.22% Space Free Drive D: | 588.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free Drive E: | 38.28 Gb Total Space | 1.50 Gb Free Space | 3.92% Space Free F: Drive not present or media not loaded Computer Name: BASEMENTDELL Current User Name: Administrator Logged in as Administrator. Cannot determine boot mode. »»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»» C:\Documents and Settings\default\Desktop\WinPFind\WinPFind.exe (OldTimer Tools) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe () »»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»» (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped] = C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.) (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped] = C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.) (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped] = C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.) (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] = C:\WINDOWS\SYSTEM32\dmadmin.exe (Microsoft Corp., Veritas Software) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] = C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) (InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] = C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG) (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] = C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) (LicCtrlService) LicCtrl Service [Win32_Own | Auto | Stopped] = C:\WINDOWS\runservice.exe (File not found) (neoNcSvc) Virtual Com Port Service [Win32_Own | Auto | Stopped] = C:\WINDOWS\system32\ncsvc.exe (File not found) (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] = C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation) »»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»» >>>>> Run Keys and Auto-Start Folders <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.) FLMK08KB = E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE () HostManager = C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe (America Online, Inc.) iTunesHelper = E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) NvCplDaemon = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) nwiz = nwiz.exe (File not found) QuickTime Task = C:\Program Files\QuickTime\qttask.exe (Apple Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] AVG7_Run = C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] Installed = 1 < Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup > C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe (Motive Communications, Inc.) < User Startup Folder = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup > C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini () >>>>> MsConfig Disabled Items <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] system.ini = 0 win.ini = 0 bootini = 0 services = 0 startup = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-] Norton eMail Protect = C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe (File not found) Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE (File not found) >>>>> Disabled Startup Folder Items <<<<< >>>>> Items Started Through Miscellaneous Registry Keys <<<<< >>>>> Winlogon Keys <<<<< >>>>> HOSTS File <<<<< HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 27 bytes | Modified Date: 6/4/2007 8:27:02 PM) 127.0.0.1 localhost >>>>> Desktop Components <<<<< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] FriendlyName = My Current Home Page Source = About:Home SubscribedURL = About:Home >>>>> Internet Explorer Settings <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 Local Page = %SystemRoot%\system32\blank.htm Search Bar = Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 Start Page = about:blank [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm Default_Search_URL = http://www.google.com/ie SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] Local Page = C:\WINDOWS\SYSTEM\blank.htm Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch Start Page = about:blank [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search] SearchAssistant = about:blank [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] ProxyEnable = 0 ProxyOverride = ;127.0.0.1 >>>>> Browser Helper Objects <<<<< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] - Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) ) >>>>> HKLM Internet Explorer Bars <<<<< >>>>> HKCU Internet Explorer Bars <<<<< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}] - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) >>>>> HKLM Internet Explorer ToolBars <<<<< >>>>> HKCU Internet Explorer ToolBars <<<<< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser] {07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser] {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) >>>>> HKCU Internet Explorer CmdMapping <<<<< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} = 8196 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) {FB5F1910-F110-11d2-BB9E-00C04F795683} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) NextId = 8199 >>>>> HKLM Internet Explorer Extensions <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}] MenuText = Sun Java Console ClsidExtension = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Web Browser Applet Control ( HKLM C:\WINDOWS\SYSTEM32\MSJAVA.DLL (Microsoft Corporation) ) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] ButtonText = Research [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}] ButtonText = AIM Exec = C:\PROGRAM FILES\Netscape\COMMUNICATOR\Program\AIM\aim.exe (America Online, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}] ButtonText = Real.com >>>>> HKCU Internet Explorer Menu Extensions <<<<< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Viewpoint Search] @ = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL\CXTSEARCH.HTM (File not found) >>>>> HKLM Internet Explorer Plugins Extensions <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.htm] Location = E:\Program Files\Netscape\plugins\npTrident.dll (Netscape Communications Corp.) >>>>> HKLM Approved Shell Extensions <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) ) {0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) ) {1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () ) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () ) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () ) {32020A01-506E-484D-A2A8-BE3CF17601C3} = AlcoholShellEx ( HKLM = E:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (File not found) ) {42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) ) {764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! ) {7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) ) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! ) {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\SYSTEM32\hticons.dll (Hilgraeve, Inc.) ) {950FF917-7A57-46BC-8017-59D9BF474000} = Shell Extension for CDRW ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG) ) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) {A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) ) {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = E:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Inc.) ) {EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} = eLicense Control ( HKLM = C:\WINDOWS\lcmmfu.cpl () ) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) ) {FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) ) >>>>> HKCU Approved Shell Extensions <<<<< >>>>> Context Menu Handlers / Column Handlers <<<<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension] @ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR] @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR] @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlersnView] @ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\InCDMenu] @ = {950FF917-7A57-46BC-8017-59D9BF474000} ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG) ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext] @ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) ) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension] @ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR] @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}] - PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) ) >>>>> Policy Keys <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID] {17492023-C23A-453E-A040-C7C580BBF700} = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum] {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1 {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857 {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] dontdisplaylastusername = 0 legalnoticecaption = legalnoticetext = shutdownwithoutlogon = 1 undockwithoutlogon = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp] NoRealMode = 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] NoDriveTypeAutoRun = ( 149 0 0 0 ) - • CDRAutoRun = ( 0 0 0 0 ) - Btn_Back = 0 Btn_Forward = 0 Btn_Stop = 0 Btn_Refresh = 0 Btn_Home = 0 Btn_Search = 0 Btn_History = 0 Btn_Favorites = 0 Btn_Folders = 0 Btn_Fullscreen = 0 Btn_Tools = 0 Btn_MailNews = 0 Btn_Size = 0 Btn_Print = 0 Btn_Edit = 0 Btn_Discussions = 0 Btn_Cut = 0 Btn_Copy = 0 Btn_Paste = 0 Btn_Encoding = 0 [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]* >>>>> Security Providers <<<<< >>>>> Session Manager Settings <<<<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] BootExecute = autocheck autochk *; ExcludeFromKnownDlls = [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) ) TEMP = C:\WINDOWS\TEMP TMP = C:\WINDOWS\TEMP windir = C:\WINDOWS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path] %SYSTEMROOT%\system32 %SYSTEMROOT% %SYSTEMROOT%\COMMAND C:\PROGRA~1\DELL\RESOLU~1\COMMON\BIN C:\ProgramFiles\CommonFiles\RoxioShared\DLLShared %SYSTEMROOT%\system32\WBEM C:\Program Files\QuickTime\QTSystem\ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT] .COM .EXE .BAT .CMD .VBS .VBE .JS .JSE .WSF .WSH >>>>> WOW Settings <<<<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW] cmdline = %SystemRoot%\system32\ntvdm.exe wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 >>>>> SafeBoot Option Settings <<<<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option] >>>>> User Agent Post Platform <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] iebar = >>>>> File Associations <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\] .bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} .cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} .exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} .hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found .html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} .inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found .pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found .reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found .txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found .vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} .wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found .wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found >>>>> Registry Shell Spawning <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -> "%1" %* (File not found) batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -> "%1" %* (File not found) cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -> "%1" %* (File not found) cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation) exefile [open] -> "%1" %* (File not found) htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -> "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation) htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation) https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation) inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL "%l" (Microsoft Corporation) InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -> "%1" %* (File not found) regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) regfile [open] -> regedit.exe "%1" (Microsoft Corporation) regfile [merge] -> Reg Data - Key not found regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) scrfile [config] -> "%1" (File not found) scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -> "%1" /S (File not found) txtfile [edit] -> Reg Data - Key not found txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" (File not found) >>>>> ActiveX StubPath settings <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\^RNA] StubPath = rundll rnasetup.dll,installoptionalcomponent rna [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] StubPath = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] StubPath = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] StubPath = regsvr32.exe /s /n /i:U shell32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}] StubPath = regsvr32.exe /s /n /i:U shell32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}] StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] StubPath = C:\WINDOWS\system32\ieudinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE >>>>> TCP/IP Configuration <<<<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE47131A-0FFC-442D-8ED0-7593B1305921}] ( CNet PRO200 PCI Fast Ethernet Adapter ) DefaultGateway = DhcpDefaultGateway = 192.168.1.1; DhcpIPAddress = 192.168.1.100 DhcpNameServer = 24.140.1.3 24.140.1.2 DhcpServer = 192.168.1.1 DhcpSubnetMask = 255.255.255.0 Domain = EnableDHCP = 1 IPAddress = 0.0.0.0; IPAutoconfigurationAddress = 0.0.0.0 NameServer = SubnetMask = 0.0.0.0; >>>>> WinSock2 Parameters <<<<< >>>>> Default Protocols [HKLM] <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] @ivt - 1 = Local intranet file - 3 = Internet ftp - 3 = Internet http - 3 = Internet https - 3 = Internet shell - 0 = Computer >>>>> Protocol Handlers <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio] CLSID = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - ( HKLM = C:\WINDOWS\SYSTEM32\msdxm.ocx () ) >>>>> Protocol Filters <<<<< >>>>> Downloaded Program Files <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation] CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab INF = C:\WINDOWS\Downloaded Program Files\QTPlugin.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09C6CAC0-936E-40A0-BC26-707480103DC3}\DownloadInformation] CODEBASE = http://www.uproar.com/applets/activex/shiz...pside_web18.cab INF = C:\WINDOWS\Downloaded Program Files\flipside_webmoo.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation] CODEBASE = http://go.microsoft.com/fwlink/?LinkID=39204 INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2042B57E-6336-459E-B7CE-2A0F6C9E6AF8}\DownloadInformation] CODEBASE = http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\DownloadInformation] CODEBASE = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab INF = C:\WINDOWS\Downloaded Program Files\hcImpl.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\DownloadInformation] CODEBASE = http://www.miniclip.com/inflaterball/miniclipGameLoader.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\DownloadInformation] CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab INF = C:\WINDOWS\Downloaded Program Files\yinst.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33288993-5664-11D4-8B5B-00D0B73B3518}\DownloadInformation] CODEBASE = http://aol.ea.com/downloads/games/common/ieell.cab INF = C:\WINDOWS\Downloaded Program Files\ieell.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\DownloadInformation] CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab INF = C:\WINDOWS\Downloaded Program Files\opuc.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06}\DownloadInformation] CODEBASE = https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab INF = C:\WINDOWS\Downloaded Program Files\NeoterisSetup.INF [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{525A15D0-4938-11D4-94C7-0050DA20189B}\DownloadInformation] CODEBASE = http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab INF = C:\WINDOWS\Downloaded Program Files\iesnoopy.INF [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\DownloadInformation] CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab INF = C:\WINDOWS\Downloaded Program Files\wlscBase.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\DownloadInformation] CODEBASE = http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{72770C4F-967D-4517-982B-92D6B9015649}\DownloadInformation] CODEBASE = http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 INF = C:\WINDOWS\Downloaded Program Files\DigWebX.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation] CODEBASE = http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab INF = C:\WINDOWS\Downloaded Program Files\xscan.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7908.7810648148 INF = C:\WINDOWS\Downloaded Program Files\iuctl.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9A296D4-38AC-4566-8168-F7ACAF7D35E6}\DownloadInformation] CODEBASE = http://imlive.com/ChatSource/gVideoContol.cab INF = C:\WINDOWS\Downloaded Program Files\gVideoContol.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\DownloadInformation] CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab INF = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation] CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab INF = C:\WINDOWS\Downloaded Program Files\swflash.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}\DownloadInformation] CODEBASE = http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab INF = C:\WINDOWS\Downloaded Program Files\ITDetector.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\DownloadInformation] CODEBASE = http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab INF = C:\WINDOWS\Downloaded Program Files\mcfscan.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation] CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd »»»»»»»»»»»»»»»»»»»» Files / Folders Created Within 30 Days »»»»»»»»»»»»» C:\$VAULT$.AVG [Folder | Created Date = 6/7/2007 7:52:38 PM | Attr = RH ] C:\A1VirusTools [Folder | Created Date = 5/29/2007 8:41:50 PM | Attr = ] C:\VundoFix Backups [Folder | Created Date = 5/29/2007 8:45:08 PM | Attr = ] C:\HijackThis [Folder | Created Date = 5/30/2007 8:16:16 PM | Attr = ] C:\QooBox [Folder | Created Date = 6/4/2007 7:22:56 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Created Date = 6/1/2007 3:05:01 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\avg7 [Folder | Created Date = 6/7/2007 6:46:28 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Created Date = 6/7/2007 6:46:28 PM | Attr = ] C:\Documents and Settings\Administrator\Application Data\Microsoft [Folder | Created Date = 5/25/2007 12:19:34 PM | Attr = S] C:\Documents and Settings\Administrator\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = HS] C:\Documents and Settings\Administrator\Application Data\Lavasoft [Folder | Created Date = 5/25/2007 6:07:08 PM | Attr = ] C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder [Folder | Created Date = 5/30/2007 9:10:26 PM | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [Folder | Created Date = 5/25/2007 12:19:34 PM | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 122928 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\iTunes.lnk [Ver = | Size = 2055 bytes | Created Date = 5/15/2007 10:31:55 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [Ver = | Size = 1518 bytes | Created Date = 5/15/2007 10:26:54 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk [Ver = | Size = 848 bytes | Created Date = 6/6/2007 11:59:37 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1446 bytes | Created Date = 6/7/2007 6:46:47 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 1735 bytes | Created Date = 5/25/2007 2:58:36 PM | Attr = ] C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk [Ver = | Size = 700 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = ] C:\Documents and Settings\Administrator\Desktop\New Microsoft Word Document.doc [Ver = | Size = 10752 bytes | Created Date = 5/30/2007 9:15:29 PM | Attr = ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk [Ver = | Size = 714 bytes | Created Date = 5/30/2007 6:18:58 PM | Attr = ] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = HS] C:\Program Files\Common Files\Wise Installation Wizard [Folder | Created Date = 5/25/2007 2:53:51 PM | Attr = ] C:\Program Files\Common Files\Download Manager [Folder | Created Date = 5/31/2007 3:54:48 PM | Attr = ] C:\WINDOWS\temp [Folder | Created Date = 6/8/2007 8:39:43 AM | Attr = ] C:\WINDOWS\erdnt [Folder | Created Date = 6/4/2007 7:24:29 PM | Attr = ] C:\WINDOWS\nircmd.exe NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\catchme.exe [Ver = | Size = 87040 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 6/3/2007 11:07:44 AM | Attr = H ] C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 6/3/2007 11:07:44 AM | Attr = ] C:\WINDOWS\$NtUninstallKB927891$ [Folder | Created Date = 5/23/2007 3:02:53 PM | Attr = H ] C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Created Date = 5/19/2007 2:17:06 PM | Attr = HS] C:\WINDOWS\System32\rwehfyhq.ini [Ver = | Size = 1102487 bytes | Created Date = 6/1/2007 6:32:07 PM | Attr = HS] C:\WINDOWS\System32\swxcacls.exe SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\System32\kfigpqty.ini [Ver = | Size = 1101969 bytes | Created Date = 6/1/2007 8:57:18 AM | Attr = HS] C:\WINDOWS\System32\swsc.exe SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\System32\moveex.exe [Ver = | Size = 38400 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Created Date = 5/20/2007 8:49:55 PM | Attr = ] C:\WINDOWS\System32\ueybfgbt.ini [Ver = | Size = 1067647 bytes | Created Date = 5/30/2007 8:54:24 PM | Attr = HS] C:\WINDOWS\System32\vfind.exe [Ver = | Size = 49152 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\System32\swreg.exe SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ] C:\WINDOWS\System32\WNASPI32.DLL Adaptec [Ver = 4.60 (1021) | Size = 45056 bytes | Created Date = 6/1/2007 2:29:38 PM | Attr = ] C:\WINDOWS\System32\tkvogcyj.ini [Ver = | Size = 828142 bytes | Created Date = 5/21/2007 3:29:39 PM | Attr = HS] C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Created Date = 5/24/2007 3:26:13 PM | Attr = ] C:\WINDOWS\System32\owqstluj.ini [Ver = | Size = 591923 bytes | Created Date = 5/23/2007 6:16:09 AM | Attr = HS] C:\WINDOWS\System32\wshfhgxl.ini [Ver = | Size = 1010895 bytes | Created Date = 5/24/2007 2:12:01 PM | Attr = HS] C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Created Date = 5/25/2007 8:39:26 AM | Attr = ] C:\WINDOWS\System32\ivqaqpvx.ini [Ver = | Size = 1011255 bytes | Created Date = 5/24/2007 10:00:29 PM | Attr = HS] C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Created Date = 6/1/2007 6:32:06 PM | Attr = ] C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Created Date = 5/25/2007 3:42:38 PM | Attr = ] C:\WINDOWS\System32\ClickToFindandFixErrors_US.ico [Ver = | Size = 2238 bytes | Created Date = 5/25/2007 3:46:09 PM | Attr = ] C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Created Date = 6/1/2007 6:25:22 PM | Attr = ] C:\WINDOWS\System32\drivers\ASPI32.SYS Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Created Date = 6/1/2007 2:29:38 PM | Attr = ] C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 6/7/2007 6:46:39 PM | Attr = ] C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 6/7/2007 6:46:42 PM | Attr = ] C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 6/7/2007 6:46:43 PM | Attr = ] C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ] C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ] C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ] »»»»»»»»»»»»»»»»»»»» Files / Folders Modified Within 30 Days »»»»»»»»»»»»» C:\$VAULT$.AVG [Folder | Modified Date = 6/7/2007 8:52:40 PM | Attr = RH ] C:\A1VirusTools [Folder | Modified Date = 5/29/2007 9:41:52 PM | Attr = ] C:\VundoFix Backups [Folder | Modified Date = 5/29/2007 9:45:10 PM | Attr = ] C:\HijackThis [Folder | Modified Date = 5/30/2007 9:16:18 PM | Attr = ] C:\QooBox [Folder | Modified Date = 6/4/2007 8:22:58 PM | Attr = ] C:\boot.ini [Ver = | Size = 217 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = HS] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Modified Date = 6/1/2007 4:05:02 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\avg7 [Folder | Modified Date = 6/7/2007 7:46:30 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Modified Date = 6/7/2007 7:46:30 PM | Attr = ] C:\Documents and Settings\Administrator\Application Data\Lavasoft [Folder | Modified Date = 5/25/2007 7:07:10 PM | Attr = ] C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder [Folder | Modified Date = 5/30/2007 10:10:28 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\iTunes.lnk [Ver = | Size = 2055 bytes | Modified Date = 5/17/2007 8:19:24 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [Ver = | Size = 1518 bytes | Modified Date = 5/15/2007 11:26:56 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk [Ver = | Size = 848 bytes | Modified Date = 6/6/2007 12:59:40 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1446 bytes | Modified Date = 6/7/2007 7:46:48 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 1735 bytes | Modified Date = 5/25/2007 3:58:38 PM | Attr = ] C:\Documents and Settings\Administrator\Desktop\New Microsoft Word Document.doc [Ver = | Size = 10752 bytes | Modified Date = 5/30/2007 10:15:30 PM | Attr = ] C:\Program Files\Common Files\Wise Installation Wizard [Folder | Modified Date = 5/25/2007 3:53:52 PM | Attr = ] C:\Program Files\Common Files\Download Manager [Folder | Modified Date = 5/31/2007 4:54:50 PM | Attr = ] C:\WINDOWS\SIERRA.INI [Ver = | Size = 936 bytes | Modified Date = 5/11/2007 4:57:36 PM | Attr = ] C:\WINDOWS\encore_launcher.ini [Ver = | Size = 174 bytes | Modified Date = 5/12/2007 9:25:50 AM | Attr = ] C:\WINDOWS\HPQCOPY.INI [Ver = | Size = 286 bytes | Modified Date = 6/4/2007 11:48:50 AM | Attr = ] C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 6/9/2007 6:26:10 PM | Attr = S] C:\WINDOWS\temp [Folder | Modified Date = 6/8/2007 9:39:44 AM | Attr = ] C:\WINDOWS\EReg072.dat [Ver = | Size = 2498 bytes | Modified Date = 6/8/2007 12:05:02 PM | Attr = ] C:\WINDOWS\erdnt [Folder | Modified Date = 6/4/2007 8:24:30 PM | Attr = ] C:\WINDOWS\catchme.exe [Ver = | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr = ] C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 6/3/2007 12:07:46 PM | Attr = H ] C:\WINDOWS\system.ini [Ver = | Size = 716 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = ] C:\WINDOWS\win.ini [Ver = | Size = 2707 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = ] C:\WINDOWS\NeroDigital.ini [Ver = | Size = 229 bytes | Modified Date = 6/6/2007 12:44:30 PM | Attr = ] C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 6/3/2007 12:07:46 PM | Attr = ] C:\WINDOWS\DUMP35c9.tmp [Ver = | Size = 98304 bytes | Modified Date = 5/30/2007 7:57:52 PM | Attr = ] C:\WINDOWS\$NtUninstallKB927891$ [Folder | Modified Date = 5/23/2007 4:02:54 PM | Attr = H ] C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Modified Date = 5/20/2007 7:32:18 PM | Attr = HS] C:\WINDOWS\System32\rwehfyhq.ini [Ver = | Size = 1102487 bytes | Modified Date = 6/4/2007 12:22:50 PM | Attr = HS] C:\WINDOWS\System32\kfigpqty.ini [Ver = | Size = 1101969 bytes | Modified Date = 6/1/2007 7:23:36 PM | Attr = HS] C:\WINDOWS\System32\SIntf32.dll [Ver = | Size = 17212 bytes | Modified Date = 5/14/2007 3:57:24 PM | Attr = ] C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Modified Date = 6/2/2007 7:33:58 PM | Attr = ] C:\WINDOWS\System32\SIntfNT.dll [Ver = | Size = 21840 bytes | Modified Date = 5/14/2007 3:57:24 PM | Attr = ] C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 43094 bytes | Modified Date = 6/9/2007 6:23:54 PM | Attr = ] C:\WINDOWS\System32\ueybfgbt.ini [Ver = | Size = 1067647 bytes | Modified Date = 6/1/2007 9:56:24 AM | Attr = HS] C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 13646 bytes | Modified Date = 6/9/2007 6:23:40 PM | Attr = ] C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 38604 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ] C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 308222 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ] C:\WINDOWS\System32\tkvogcyj.ini [Ver = | Size = 828142 bytes | Modified Date = 5/22/2007 3:04:00 PM | Attr = HS] C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Modified Date = 5/24/2007 4:26:18 PM | Attr = ] C:\WINDOWS\System32\owqstluj.ini [Ver = | Size = 591923 bytes | Modified Date = 5/24/2007 12:10:50 PM | Attr = HS] C:\WINDOWS\System32\wshfhgxl.ini [Ver = | Size = 1010895 bytes | Modified Date = 5/24/2007 11:00:40 PM | Attr = HS] C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Modified Date = 5/25/2007 9:39:28 AM | Attr = ] C:\WINDOWS\System32\ivqaqpvx.ini [Ver = | Size = 1011255 bytes | Modified Date = 5/25/2007 12:44:56 PM | Attr = HS] C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Modified Date = 6/1/2007 7:32:08 PM | Attr = ] C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Modified Date = 5/21/2007 9:59:50 AM | Attr = ] C:\WINDOWS\System32\mmf.sys [Ver = | Size = 777 bytes | Modified Date = 6/1/2007 4:04:38 PM | Attr = HS] C:\WINDOWS\System32\SIntf16.dll [Ver = | Size = 12067 bytes | Modified Date = 5/14/2007 3:57:22 PM | Attr = ] C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 347886 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ] C:\WINDOWS\System32\ClickToFindandFixErrors_US.ico [Ver = | Size = 2238 bytes | Modified Date = 5/25/2007 4:46:10 PM | Attr = ] C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Modified Date = 6/1/2007 7:30:00 PM | Attr = ] C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 6/7/2007 7:46:40 PM | Attr = ] C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 6/7/2007 7:46:44 PM | Attr = ] C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 6/7/2007 7:46:44 PM | Attr = ] C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ] C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ] C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ] »»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»» [Thawte Consulting , ]C:\iaplayer_2.05.10.0325.exe () [uPX! , UPX0 , ]C:\FxMydoom.exe (Symantec Corporation) [Thawte Consulting , ]C:\GoogleEarth.exe (InstallShield Software Corporation) [uPX! , UPX0 , ]C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe () [Thawte Consulting , USERTRUST , ]C:\WINDOWS\SYSTEM.NAV () [uPX! , UPX0 , ]C:\WINDOWS\System32\UC3D.scr () [PEC2 , ]C:\WINDOWS\System32\dfrg.msc () [winsync , ]C:\WINDOWS\System32\wbdbase.deu () [uPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public) [uPX! , ]C:\WINDOWS\System32\qhyfhewr.dll () [PEC2 , PECompact2 , ]C:\WINDOWS\System32\xjs.dll () [uPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll () [aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.) < End of report >
  10. crazyJoe

    Hijack Log - Needs Help

    Logfile of HijackThis v1.99.1 Scan saved at 3:06:36 PM, on 6/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing) O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing) O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing) O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  11. crazyJoe

    Hijack Log - Needs Help

    "default" - 2007-06-04 20:38:30 Service Pack 2 ComboFix 07-06-3 - Running from: "C:\A1VirusTools\" ((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 ))))))))))))))))))))))))))))))) 2007-06-01 20:06 2,580 --a------ C:\WINDOWS\SYSTEM32\wpfigkui.exe 2007-06-01 19:45 2,580 --a------ C:\WINDOWS\SYSTEM32\fdknxack.exe 2007-06-01 19:32 131,124 --a------ C:\WINDOWS\SYSTEM32\qhyfhewr.dll 2007-06-01 19:25 43,602 --a------ C:\WINDOWS\SYSTEM32\xvid-uninstall.exe 2007-06-01 16:07 28,160 --a------ C:\WINDOWS\SYSTEM32\sysmon32.exe 2007-06-01 16:05 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ypwfkzup.exe 2007-06-01 16:04 28,160 --a------ C:\WINDOWS\SYSTEM32\winsys64.exe 2007-06-01 15:29 5,600 --a------ C:\WINDOWS\SYSTEM\WINASPI.DLL 2007-06-01 15:29 45,056 --a------ C:\WINDOWS\SYSTEM32\WNASPI32.DLL 2007-06-01 15:29 4,672 --a------ C:\WINDOWS\SYSTEM\WOWPOST.EXE 2007-06-01 15:29 25,244 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS 2007-05-31 16:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2007-05-30 22:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Share-to-Web Upload Folder 2007-05-30 21:16 <DIR> d-------- C:\HijackThis 2007-05-30 19:38 <DIR> d-------- C:\DOCUME~1\default\.housecall6.6 2007-05-30 19:23 1,060,864 --a------ C:\WINDOWS\SYSTEM32\MFC71.dll 2007-05-29 21:45 <DIR> d-------- C:\VundoFix Backups 2007-05-29 21:41 <DIR> d-------- C:\A1VirusTools 2007-05-25 19:07 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft 2007-05-25 16:42 60,928 --a------ C:\WINDOWS\SYSTEM32\xjs.dll 2007-05-25 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-25 14:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback 2007-05-25 13:19 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat 2007-05-25 09:39 121,194 --a------ C:\WINDOWS\SYSTEM32\gsaiijkj.exe 2007-05-24 16:26 131,604 --a------ C:\WINDOWS\SYSTEM32\avjdrupo.dll 2007-05-19 15:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2007-05-15 11:31 <DIR> d-------- C:\Program Files\iPod (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-01 20:04:38 777 --sha-w C:\WINDOWS\system32\mmf.sys 2007-05-14 19:57:24 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2007-05-14 19:57:24 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2007-05-14 19:57:22 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2007-04-28 19:54:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-04-28 18:36:02 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-20 21:53:04 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys 2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-01 17:21:16 19,884 ----a-w C:\WINDOWS\mozver.dat 2007-03-31 16:28:32 2,421 ----a-w C:\WINDOWS\eReg.dat 2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {13F42AE3-5DB0-4D06-92BC-80E527371E37}=C:\WINDOWS\system32\nkfqldcl.dll [] {6826CC2B-8872-4FD8-AB86-5EB29702AE66}=C:\WINDOWS\system32\vtspq.dll [] {955C3849-D3A9-BD2B-D909-89ADABCC7797}=C:\WINDOWS\system32\xjs.dll [2007-05-21 09:59] {BEA4543D-E96F-475B-8F30-C29924A74973}=C:\WINDOWS\system32\yabxy.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemTray"="SysTray.Exe" [2004-08-04 12:00 C:\WINDOWS\SYSTEM32\systray.exe] "Rp0uI.exe"="C:\documents and settings\collin\local settings\temp\Rp0uI.exe" [] "Rp0uI"="C:\documents and settings\collin\local settings\temp\Rp0uI.exe" [] "HostManager"="C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe" [2005-11-02 22:01] "nwiz"="nwiz.exe" [] "FLMK08KB"="E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2006-08-04 18:04] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25] "ypwfkzup.exe"="C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe" [2007-06-01 16:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "PhotoShow Deluxe Media Manager"="E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 21:50] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "Btn_Back"=0 (0x0) "Btn_Forward"=0 (0x0) "Btn_Stop"=0 (0x0) "Btn_Refresh"=0 (0x0) "Btn_Home"=0 (0x0) "Btn_Search"=0 (0x0) "Btn_History"=0 (0x0) "Btn_Favorites"=0 (0x0) "Btn_Folders"=0 (0x0) "Btn_Fullscreen"=0 (0x0) "Btn_Tools"=0 (0x0) "Btn_MailNews"=0 (0x0) "Btn_Size"=0 (0x0) "Btn_Print"=0 (0x0) "Btn_Edit"=0 (0x0) "Btn_Discussions"=0 (0x0) "Btn_Cut"=0 (0x0) "Btn_Copy"=0 (0x0) "Btn_Paste"=0 (0x0) "Btn_Encoding"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "Btn_Back"=0 (0x0) "Btn_Forward"=0 (0x0) "Btn_Stop"=0 (0x0) "Btn_Refresh"=0 (0x0) "Btn_Home"=0 (0x0) "Btn_Search"=0 (0x0) "Btn_History"=0 (0x0) "Btn_Favorites"=0 (0x0) "Btn_Folders"=0 (0x0) "Btn_Fullscreen"=0 (0x0) "Btn_Tools"=0 (0x0) "Btn_MailNews"=0 (0x0) "Btn_Size"=0 (0x0) "Btn_Print"=0 (0x0) "Btn_Edit"=0 (0x0) "Btn_Discussions"=0 (0x0) "Btn_Cut"=0 (0x0) "Btn_Copy"=0 (0x0) "Btn_Paste"=0 (0x0) "Btn_Encoding"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Norton eMail Protect"=C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe "Norton Auto-Protect"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "RxMon"=C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe "MadExe"=C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb05.exe "Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime "projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" "ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe "kdx"=C:\WINDOWS\KDX\KHOST.EXE "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "NAV DefAlert"=C:\PROGRA~1\NORTON~1\DEFALERT.EXE HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-06-02 23:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job 2007-06-05 00:08:02 C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job 2007-06-02 00:00:02 C:\WINDOWS\tasks\Scan for Viruses.job 2003-06-26 17:16:10 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job 2007-06-02 05:00:02 C:\WINDOWS\tasks\Maintenance-Defragment programs.job 2007-06-02 17:35:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-01-01 04:30:02 C:\WINDOWS\tasks\Maintenance-Disk cleanup.job 2007-04-14 17:05:02 C:\WINDOWS\tasks\Run LiveUpdate (for Norton AntiVirus).job ************************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-04 20:42:20 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Files hidden from API: C:\WINDOWS\.yohoho C:\WINDOWS\.file_store_32 C:\WINDOWS\.javaws C:\WINDOWS\.java C:\WINDOWS\.plugin141_02.trace C:\WINDOWS\.jpi_cache Completion time: 2007-06-04 20:45:50 C:\ComboFix-quarantined-files1.txt ... 2007-06-04 20:28 C:\ComboFix-quarantined-files.txt ... 2007-06-04 20:43 --- E O F --- //////////////////// Logfile of HijackThis v1.99.1 Scan saved at 8:48:48 PM, on 6/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\ComboFix\29860.cfexe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe E:\Program Files\iTunes\iTunesHelper.exe C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\taskmgr.exe C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing) O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing) O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing) O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  12. crazyJoe

    Hijack Log - Needs Help

    VundoFix V6.4.1 Checking Java version... Scan started at 9:45:09 PM 5/29/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\avkqervu.ini C:\WINDOWS\SYSTEM32\ddcyyvw.dll C:\WINDOWS\SYSTEM32\dirqxuhf.ini C:\WINDOWS\SYSTEM32\dtcplriw.ini C:\WINDOWS\SYSTEM32\fhuxqrid.dll C:\WINDOWS\SYSTEM32\gihheywn.ini C:\WINDOWS\SYSTEM32\iifedef.dll C:\WINDOWS\SYSTEM32\khfccbb.dll C:\WINDOWS\SYSTEM32\knoqr.ini C:\WINDOWS\SYSTEM32\lstfuotn.ini C:\WINDOWS\SYSTEM32\mmipvwqw.dll C:\WINDOWS\SYSTEM32\nnnnmkj.dll C:\WINDOWS\system32\ntouftsl.dll C:\WINDOWS\SYSTEM32\nwyehhig.dll C:\WINDOWS\SYSTEM32\olimlvas.ini C:\WINDOWS\SYSTEM32\pmnkkhg.dll C:\WINDOWS\SYSTEM32\qomklki.dll C:\WINDOWS\SYSTEM32\rqonk.dll C:\WINDOWS\SYSTEM32\rqrrsqo.dll C:\WINDOWS\SYSTEM32\savlmilo.dll C:\WINDOWS\SYSTEM32\ssqolki.dll C:\WINDOWS\SYSTEM32\uvreqkva.dll C:\WINDOWS\SYSTEM32\wirlpctd.dll C:\WINDOWS\SYSTEM32\wvuusqq.dll C:\WINDOWS\SYSTEM32\wvuvtqq.dll C:\WINDOWS\system32\yabxy.dll C:\WINDOWS\SYSTEM32\yxbay.bak1 C:\WINDOWS\SYSTEM32\yxbay.bak2 C:\WINDOWS\SYSTEM32\yxbay.ini C:\WINDOWS\SYSTEM32\yxbay.ini2 C:\WINDOWS\SYSTEM32\yxbay.tmp Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\avkqervu.ini C:\WINDOWS\SYSTEM32\avkqervu.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ddcyyvw.dll C:\WINDOWS\SYSTEM32\ddcyyvw.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\dirqxuhf.ini C:\WINDOWS\SYSTEM32\dirqxuhf.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\dtcplriw.ini C:\WINDOWS\SYSTEM32\dtcplriw.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\fhuxqrid.dll C:\WINDOWS\SYSTEM32\fhuxqrid.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\gihheywn.ini C:\WINDOWS\SYSTEM32\gihheywn.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\iifedef.dll C:\WINDOWS\SYSTEM32\iifedef.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\khfccbb.dll C:\WINDOWS\SYSTEM32\khfccbb.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\knoqr.ini C:\WINDOWS\SYSTEM32\knoqr.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\lstfuotn.ini C:\WINDOWS\SYSTEM32\lstfuotn.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\mmipvwqw.dll C:\WINDOWS\SYSTEM32\mmipvwqw.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\nnnnmkj.dll C:\WINDOWS\SYSTEM32\nnnnmkj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ntouftsl.dll C:\WINDOWS\system32\ntouftsl.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\nwyehhig.dll C:\WINDOWS\SYSTEM32\nwyehhig.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\olimlvas.ini C:\WINDOWS\SYSTEM32\olimlvas.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\pmnkkhg.dll C:\WINDOWS\SYSTEM32\pmnkkhg.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\qomklki.dll C:\WINDOWS\SYSTEM32\qomklki.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\rqonk.dll C:\WINDOWS\SYSTEM32\rqonk.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\rqrrsqo.dll C:\WINDOWS\SYSTEM32\rqrrsqo.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\savlmilo.dll C:\WINDOWS\SYSTEM32\savlmilo.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ssqolki.dll C:\WINDOWS\SYSTEM32\ssqolki.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\uvreqkva.dll C:\WINDOWS\SYSTEM32\uvreqkva.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\wirlpctd.dll C:\WINDOWS\SYSTEM32\wirlpctd.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\wvuusqq.dll C:\WINDOWS\SYSTEM32\wvuusqq.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\wvuvtqq.dll C:\WINDOWS\SYSTEM32\wvuvtqq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yabxy.dll C:\WINDOWS\system32\yabxy.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.bak1 C:\WINDOWS\SYSTEM32\yxbay.bak1 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.bak2 C:\WINDOWS\SYSTEM32\yxbay.bak2 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.ini C:\WINDOWS\SYSTEM32\yxbay.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.ini2 C:\WINDOWS\SYSTEM32\yxbay.ini2 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.tmp C:\WINDOWS\SYSTEM32\yxbay.tmp Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.4.1 Checking Java version... Scan started at 5:41:13 AM 5/30/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.4.1 Checking Java version... Scan started at 9:33:27 PM 5/30/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\efcdcab.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll C:\WINDOWS\SYSTEM32\efcdcab.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll C:\WINDOWS\SYSTEM32\efcdcab.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.4.1 Checking Java version... Scan started at 7:34:39 PM 5/31/2007 Listing files found while scanning.... VundoFix V6.4.1 Checking Java version... Scan started at 12:17:31 PM 6/3/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\aehhxoca.dll C:\WINDOWS\SYSTEM32\cbxuurp.dll C:\WINDOWS\SYSTEM32\cspqhoih.dll C:\WINDOWS\SYSTEM32\efcdcab.dll C:\WINDOWS\SYSTEM32\onleficn.dll C:\WINDOWS\system32\qpstv.bak1 C:\WINDOWS\system32\qpstv.bak2 C:\WINDOWS\system32\qpstv.ini C:\WINDOWS\system32\qpstv.ini2 C:\WINDOWS\system32\vtspq.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\aehhxoca.dll C:\WINDOWS\SYSTEM32\aehhxoca.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\cbxuurp.dll C:\WINDOWS\SYSTEM32\cbxuurp.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\cspqhoih.dll C:\WINDOWS\SYSTEM32\cspqhoih.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll C:\WINDOWS\SYSTEM32\efcdcab.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\onleficn.dll C:\WINDOWS\SYSTEM32\onleficn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qpstv.bak1 C:\WINDOWS\system32\qpstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\qpstv.bak2 C:\WINDOWS\system32\qpstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\qpstv.ini C:\WINDOWS\system32\qpstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\qpstv.ini2 C:\WINDOWS\system32\qpstv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\vtspq.dll C:\WINDOWS\system32\vtspq.dll Has been deleted! Performing Repairs to the registry. Done! ////////////////////////////// Logfile of HijackThis v1.99.1 Scan saved at 2:19:58 PM, on 6/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe C:\WINDOWS\smgr.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0F545CCB-B856-4AFC-841F-FA0C265508F5} - C:\WINDOWS\system32\oyhfpdoy.dll O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing) O2 - BHO: (no name) - {500946D2-A5FC-4BC4-A4FD-D29128AAC1A7} - C:\WINDOWS\system32\oyhfpdoy.dll O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing) O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\efcdcab.dll (file missing) O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing) O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\xiakyxib.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sManager] smanager.7.exe O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1792016.exe O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe O4 - HKLM\..\Run: [smgr] smgr.exe O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qhyfhewr.dll",realset O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winvvh32 - C:\WINDOWS\SYSTEM32\winvvh32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  13. crazyJoe

    Hijack Log - Needs Help

    Ok, here ya go. thanks. Logfile of HijackThis v1.99.1 Scan saved at 10:39:49 AM, on 6/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Program Files\QuickTime\qttask.exe E:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\TEMP\1792016.exe C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe C:\WINDOWS\smgr.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HijackThis\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0BE77714-1DA8-4F21-B597-94B2B905790D} - C:\WINDOWS\system32\vtspq.dll O2 - BHO: (no name) - {0F545CCB-B856-4AFC-841F-FA0C265508F5} - C:\WINDOWS\system32\oyhfpdoy.dll O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing) O2 - BHO: (no name) - {500946D2-A5FC-4BC4-A4FD-D29128AAC1A7} - C:\WINDOWS\system32\oyhfpdoy.dll O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\efcdcab.dll O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing) O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\xiakyxib.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sManager] smanager.7.exe O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1792016.exe O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe O4 - HKLM\..\Run: [smgr] smgr.exe O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qhyfhewr.dll",realset O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O20 - Winlogon Notify: efcdcab - C:\WINDOWS\SYSTEM32\efcdcab.dll O20 - Winlogon Notify: vtspq - C:\WINDOWS\system32\vtspq.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winvvh32 - C:\WINDOWS\SYSTEM32\winvvh32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing) O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  14. crazyJoe

    Hijack Log - Needs Help

    Hi there, hope someone can offer advice on removing the Vundo virus from my PC. Spybot, ad-aware and VundoFix all have failed to remove this #@# thing. Here is the HijackThis log. Any help would really be appreciated. Thanks. ///////////////////////////////////////////////////////////////////// Logfile of HijackThis v1.99.1 Scan saved at 10:19:05 PM, on 5/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\runservice.exe C:\WINDOWS\system32\ncsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Program Files\Messenger\msmsgs.exe E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE C:\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tbgfbyeu.dll",realset O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU) O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe