A0159698.exe Virus?? Help


imxxed
23 Feb 2007, 4:29am
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0159698.exe



I saw this same thing in another thread, "A0159698.exe". My McAfee says it's a virus but it can't clean it, so I need help. I thought something was wrong because my computer just seems so bogged down. I cleaned it up some yesterday, but I need help. A

Any help someone could provide would be great!
Thanks

Nuppi
23 Feb 2007, 6:07pm
Please send a HijackThis log. Instructions are here (http://www.short-media.com/forum/showthread.php?t=43902)

imxxed
26 Feb 2007, 6:46am
OK, here is the Hijack log. I did the other scans as well; I will post the results from the BitDefender scan next.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:56 PM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Adinah Israel
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\memoptimizer.exe" autostart
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126037336046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856517317
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ray2soft3d400 Server (Ray2soft3d400Server) - Unknown owner - C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


BitDefender Online Scanner
Scan report generated at: Sun, Feb 25, 2007 - 15:16:06

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf=>[SWF command]

Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf=>[SWF command]

Disinfection failed

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf=>[SWF command]

Deleted

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf

Update failed

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0040

Infected with: Dropped:Application.Adware.NewDotNet.A

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0040

Disinfection failed

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0040

Deleted

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)

Update failed

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0041

Infected with: Trojan.Downloader.Swizzor.DO

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0041

Disinfection failed

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0041

Deleted

C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)

Update failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204015C0.exe=>(Quarantine-2)

Infected with: Trojan.Winad.AE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204015C0.exe=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204015C0.exe=>(Quarantine-2)

Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E378FC.htm=>(Quarantine-2)

Infected with: JS.Trojan.Downloader.IstBar.M

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E378FC.htm=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E378FC.htm=>(Quarantine-2)

Deleted

C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe=>wise0017

Infected with: Trojan.Downloader.Small.BKE

C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe=>wise0017

Disinfection failed

C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe=>wise0017

Deleted

C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe

Update failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP577\A0159698.EXE

Suspected of: BehavesLike:Win32.Malware

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP577\A0159698.EXE

Disinfection failed

C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP577\A0159698.EXE

Deleted


Thanks in advance

Nuppi
26 Feb 2007, 12:24pm
You have multiple antivirus programs running. :confused: It causes conflicts between them. Your comp is not safe.

Please choose only one antivirus and one firewall and shut down the others. Ensure that they don't start at startup :D

Then send a fresh hijack log.
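
The overlap described in the reply above can be read mechanically from a HijackThis log. The following Python is an added example, not part of the original thread and not HijackThis code: it parses the running-process list plus the O4 (Run keys) and O23 (services) sections and groups security products by role. The path-to-product table and the role labels are assumptions based on paths seen in the posted log, and the sample log is a constructed excerpt of it.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
"""

# Same excerpt with the AVG7 lines dropped, mimicking the later AVG uninstall.
LOG_AFTER_AVG_REMOVED = "\n".join(
    line for line in SAMPLE_LOG.splitlines() if "AVG7" not in line)

# Assumption: lower-case path fragment -> (product, role). Not a vendor list;
# extend it for the products you expect to meet.
PRODUCT_MARKERS = {
    r"\grisoft\avg7": ("AVG 7", "antivirus"),
    r"\mcafee.com\vso": ("McAfee VirusScan", "antivirus"),
    r"\symantec shared": ("Symantec", "antivirus"),
    r"\antivir personaledition": ("AntiVir", "antivirus"),
    r"\mcafee\mpf": ("McAfee Personal Firewall", "firewall"),
    r"\zone labs\zonealarm": ("ZoneAlarm", "firewall"),
}

# Section lines look like "O4 - ...", "R0 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    running, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # process list ends at first entry
            entries[match.group(1)].append(match.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            running.append(line)
    return running, dict(entries)


def security_products(text):
    """Map product -> role, whether it is running, and where it autostarts."""
    running, entries = parse_hijackthis(text)
    seen = defaultdict(
        lambda: {"role": None, "running": False, "autostart": set()})

    def note(path_text, source):
        lowered = path_text.lower()
        for marker, (product, role) in PRODUCT_MARKERS.items():
            if marker in lowered:
                record = seen[product]
                record["role"] = role
                if source == "running":
                    record["running"] = True
                else:
                    record["autostart"].add(source)

    for path in running:
        note(path, "running")
    for code in ("O4", "O23"):            # Run keys and services start at boot
        for entry in entries.get(code, []):
            note(entry, code)
    return dict(seen)


def overlapping(products):
    """Return {role: [products]} for every role held by more than one product."""
    by_role = defaultdict(list)
    for name, record in products.items():
        by_role[record["role"]].append(name)
    return {r: sorted(n) for r, n in by_role.items() if len(n) > 1}


if __name__ == "__main__":
    for label, log in (("before", SAMPLE_LOG), ("after", LOG_AFTER_AVG_REMOVED)):
        print(label, overlapping(security_products(log)))
```

A product that is not running but still has an O4 or O23 entry will come back at the next boot, which is why the autostart sources are tracked separately from the process list.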

imxxed
26 Feb 2007, 2:53pm
OK, I uninstalled AVG.

I didn't see anything else. I just installed AVG to see if it would clean up this mess, and it didn't... Anyway, here is the new log...

Logfile of HijackThis v1.99.1
Scan saved at 8:53:45 AM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Adinah Israel
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\memoptimizer.exe" autostart
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126037336046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856517317
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com (http://www.carbonite.com)) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ray2soft3d400 Server (Ray2soft3d400Server) - Unknown owner - C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Nuppi
26 Feb 2007, 6:45pm
You have McAfee and Norton. Ensure those what they are :D


Please do the following...

1. Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

imxxed
27 Feb 2007, 5:31am
Ok here are my logs, for some reason AVG would not let me Quarantine everything, yes I did everything you said but for some reason it only let me delete most of the things. Also I tried to do ATF four times, but it kept closing at the end, so I don't know if it really worked.



Logfile of HijackThis v1.99.1
Scan saved at 11:15:22 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Adinah Israel
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\memoptimizer.exe" autostart
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126037336046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856517317
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ray2soft3d400 Server (Ray2soft3d400Server) - Unknown owner - C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




---------------------------------------------------------
[B]AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:23:42 PM 2/26/2007
+ Scan result:
C:\WINDOWS\GoldenPalaceCasinoPTsetup.exe -> Adware.Casino : Cleaned with backup (quarantined).

C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).

C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned with backup (quarantined).

:mozilla.13:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.14:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@kaboose.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.10:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.11:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.8:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.9:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.15:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.

:mozilla.24:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tirdkt9t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.25:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tirdkt9t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.26:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tirdkt9t.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Guest\Cookies\guest@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.12:C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\nqptcv6a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@ehg-kasperskylab.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\RECYCLER\S-1-5-21-1928725072-2337355677-10192372-1008\Dc1178.txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.28:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tirdkt9t.default\cookies.txt -> TrackingCookie.Real : Cleaned.

:mozilla.29:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tirdkt9t.default\cookies.txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.18:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tirdkt9t.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

: m o z i l l a . 1 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 2 0 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 2 1 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

: m o z i l l a . 2 2 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

C : \ R E C Y C L E R \ S - 1 - 5 - 2 1 - 1 9 2 8 7 2 5 0 7 2 - 2 3 3 7 3 5 5 6 7 7 - 1 0 1 9 2 3 7 2 - 1 0 0 8 \ D c 1 1 1 8 . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ C o o k i e s \ g u e s t @ a d . y i e l d m a n a g e r [ 2 ] . t x t - > T r a c k i n g C o o k i e . Y i e l d m a n a g e r : C l e a n e d .

C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ M y D o c u m e n t s \ d o w n l o a d s \ 3 0 0 _ [ 1 ] . S c r i p t s . l o v e w a r e z . c o m \ 3 0 0 + . S c r i p t s . l o v e w a r e z . c o m \ S c r i p t s \ 2 0 0 + A D D I T I O N A L P H P A N D C G I S C R I P T S . z i p / 2 P H P . z i p / g a l l e r y _ m a k e r _ p r o _ 1 . 5 . z i p / p a t c h . e x e - > T r o j a n . P r o x c r a k . A : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
: R e p o r t e n d

Nuppi
27 Feb 2007, 5:05pm
Scan hijack and check this:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Close all programs except HijackThis and click Fix checked.

Disable system restore : INSTRUCTIONS (http://www.short-media.com/forum/showthread.php?t=43918)

Boot comp.

Put system restore back.

Boot again.

Now it seems to be clean.

imxxed
27 Feb 2007, 6:16pm
Ok, I have completed what you said, and it seems to be running a lot better.

Thanks

Resolved

Nuppi
27 Feb 2007, 6:19pm
You're welcome :D

Nuppi
1 Mar 2007, 4:49pm
Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips (http://www.short-media.com/forum/showthread.php?t=39435) that Short-Media offers.

This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

If you are not the user who started this thread, you must start a new Thread (http://www.short-media.com/forum/newthread.php?do=newthread&f=57) instead :)

Would you also be interested in joining Short-Media (Team #93) with the Folding@Home Project? More information available here (http://www.short-media.com/forum/showthread.php?t=29803)