problem..please help, hjt log here


SpankMAWA
26 Jan 2006, 6:58am
Obviously I am very careless with the internet. My main problem is constant illegal operations from startup. I ran Ad-Aware and Spybot and it finds problems but some are still there. Any help is appreciated.

Here's the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:47:32 AM, on 3/26/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\D3DH32.EXE
C:\WINDOWS\SYSTEM\IEKW32.EXE
C:\WINDOWS\WINSZ32.EXE
C:\WINDOWS\SYSTEM\D3FC32.EXE
C:\WINDOWS\WINLX.EXE
C:\WINDOWS\SYSTEM\APIID32.EXE
C:\WINDOWS\APINW32.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\WINIA32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CSAFE\AUTOCHK.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\SMC\SMC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
C:\PROGRAM FILES\ESPNRUNTIME\DIGSERVICES.EXE
C:\WINDOWS\CRUO.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\IBMTOOLS\REGISTER\REMIND.EXE
C:\WINDOWS\APINW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\IPVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\SYSTEM\SYSCB32.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\IERY32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSCB32.EXE
C:\WINDOWS\ADDLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
O2 - BHO: Class - {CEB7A934-455A-7E33-2094-37FDFB344D3A} - C:\WINDOWS\SYSTEM\JAVARB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ADDWD.EXE] C:\WINDOWS\ADDWD.EXE
O4 - HKLM\..\Run: [CRUO.EXE] C:\WINDOWS\CRUO.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [D3DH32.EXE] C:\WINDOWS\SYSTEM\D3DH32.EXE /s
O4 - HKLM\..\RunServices: [IEKW32.EXE] C:\WINDOWS\SYSTEM\IEKW32.EXE /s
O4 - HKLM\..\RunServices: [WINSZ32.EXE] C:\WINDOWS\WINSZ32.EXE /s
O4 - HKLM\..\RunServices: [D3FC32.EXE] C:\WINDOWS\SYSTEM\D3FC32.EXE /s
O4 - HKLM\..\RunServices: [WINLX.EXE] C:\WINDOWS\WINLX.EXE /s
O4 - HKLM\..\RunServices: [APIID32.EXE] C:\WINDOWS\SYSTEM\APIID32.EXE /s
O4 - HKLM\..\RunServices: [APINW32.EXE] C:\WINDOWS\APINW32.EXE /s
O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
O4 - HKLM\..\RunServices: [WINIA32.EXE] C:\WINDOWS\WINIA32.EXE /s
O4 - HKLM\..\RunServices: [SYSCB32.EXE] C:\WINDOWS\SYSTEM\SYSCB32.EXE /s
O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\IERY32.EXE /s
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Reminder.lnk = C:\IBMTOOLS\REGISTER\remind.exe
O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: palstart.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572DFUS
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: FCNAD - http://www.peoplebot.com/media/fcnad.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.158,85.255.112.220

Mike1901
27 Jan 2006, 6:18pm
Owch, this looks nasty!

For now, please do the following (for the last bit, you will have no internet access, so please print or take note of these instructions beforehand):

Download Spybot S&D from http://security.kolla.de

Run a full scan, and allow it to fix everything it finds.

Now, reboot into Safe Mode (keep tapping F8 whilst Windows is booting), and run a scan there (again with Spybot). Might be an idea to do a Safe Mode Ad-Aware scan too.

Still in Safe Mode, launch HJT and fix all of the following if they're still there:

O4 - HKLM\..\Run: [ADDWD.EXE] C:\WINDOWS\ADDWD.EXE
O4 - HKLM\..\Run: [CRUO.EXE] C:\WINDOWS\CRUO.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [D3DH32.EXE] C:\WINDOWS\SYSTEM\D3DH32.EXE /s
O4 - HKLM\..\RunServices: [IEKW32.EXE] C:\WINDOWS\SYSTEM\IEKW32.EXE /s
O4 - HKLM\..\RunServices: [WINSZ32.EXE] C:\WINDOWS\WINSZ32.EXE /s
O4 - HKLM\..\RunServices: [D3FC32.EXE] C:\WINDOWS\SYSTEM\D3FC32.EXE /s
O4 - HKLM\..\RunServices: [WINLX.EXE] C:\WINDOWS\WINLX.EXE /s
O4 - HKLM\..\RunServices: [APIID32.EXE] C:\WINDOWS\SYSTEM\APIID32.EXE /s
O4 - HKLM\..\RunServices: [APINW32.EXE] C:\WINDOWS\APINW32.EXE /s
O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
O4 - HKLM\..\RunServices: [WINIA32.EXE] C:\WINDOWS\WINIA32.EXE /s
O4 - HKLM\..\RunServices: [SYSCB32.EXE] C:\WINDOWS\SYSTEM\SYSCB32.EXE /s
O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\IERY32.EXE /s
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Reminder.lnk = C:\IBMTOOLS\REGISTER\remind.exe
O4 - Startup: palstart.exe

Now reboot into normal mode and post a new log.

Thanks,

Mike

SpankMAWA
28 Jan 2006, 4:59pm
OK, that part is done, here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 11:57:48 AM, on 3/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\WINLX.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\ATLOZ.EXE
C:\WINDOWS\APITD.EXE
C:\WINDOWS\SDKXU.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CSAFE\AUTOCHK.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\SMC\SMC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
C:\PROGRAM FILES\ESPNRUNTIME\DIGSERVICES.EXE
C:\WINDOWS\SYSTEM\PRIVATE.EXE
C:\WINDOWS\CRUO.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DPODGROUP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SDKXU.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\MSUD32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
O2 - BHO: Class - {CEB7A934-455A-7E33-2094-37FDFB344D3A} - C:\WINDOWS\SYSTEM\JAVARB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\Run: [CRUO.EXE] C:\WINDOWS\CRUO.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WINLX.EXE] C:\WINDOWS\WINLX.EXE /s
O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
O4 - HKLM\..\RunServices: [ATLOZ.EXE] C:\WINDOWS\ATLOZ.EXE /s
O4 - HKLM\..\RunServices: [APITD.EXE] C:\WINDOWS\APITD.EXE /s
O4 - HKLM\..\RunServices: [SDKXU.EXE] C:\WINDOWS\SDKXU.EXE /s
O4 - HKLM\..\RunServices: [MSUD32.EXE] C:\WINDOWS\MSUD32.EXE /s
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\SYSTEM\DPODGROUP.EXE
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572DFUS
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: FCNAD - http://www.peoplebot.com/media/fcnad.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.158,85.255.112.220



Thanks for your time
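
Added example, not part of the original thread: comparing the autostart (O4) lines of the two HijackThis logs above shows which entries the cleanup removed, which survived, and which are new. The log excerpts are copied from the posts; the function names and the "self-named" check (a registry value named after the file it launches) are assumptions of this example.

```python
import ntpath
import re

# Excerpts copied from the two HijackThis logs posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [ADDWD.EXE] C:\WINDOWS\ADDWD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [D3DH32.EXE] C:\WINDOWS\SYSTEM\D3DH32.EXE /s
O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
O4 - Startup: palstart.exe
"""
AFTER = r"""
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
O4 - HKLM\..\RunServices: [ATLOZ.EXE] C:\WINDOWS\ATLOZ.EXE /s
O4 - HKLM\..\RunServices: [MSUD32.EXE] C:\WINDOWS\MSUD32.EXE /s
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\SYSTEM\DPODGROUP.EXE
"""

# "O4 - <location>: [<value name>] <command>"; Startup-folder lines have no [name].
O4_RE = re.compile(r"^O4 - ([^:]+): (?:\[(.+?)\] )?(.+)$")

def parse_o4(log_text):
    """Map (location, name) -> command for every O4 (autostart) line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            location, name, command = m.groups()
            entries[(location, name or command)] = command
    return entries

def diff_autoruns(before, after):
    """Compare two logs: what was removed, what survived, what is new."""
    b, a = parse_o4(before), parse_o4(after)
    return {"removed": sorted(set(b) - set(a)),
            "persisted": sorted(set(b) & set(a)),
            "added": sorted(set(a) - set(b))}

def self_named(entries):
    """Registry entries whose value name is the file name of what they start."""
    hits = []
    for (location, name), command in entries.items():
        exe = ntpath.basename(command.split(" /")[0].strip('"'))
        if location.startswith("HK") and name.upper() == exe.upper():
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    for kind, keys in diff_autoruns(BEFORE, AFTER).items():
        print(kind, [name for _, name in keys])
    print("self-named after cleanup:", self_named(parse_o4(AFTER)))
```

Run against the full logs, the "added" list is the part to look at first: startup entries that were not present before the cleanup attempt.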