VX2 / XADSO Removal

I have updated and run both AdAware and SpyBot. All that is ever left is VX2 and the DSO Exploit that you said to ignore. Here is my HijackThis log. I appreciate any help!!!!!

Logfile of HijackThis v1.97.7
Scan saved at 11:26:47 AM, on 9/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\documents and settings\jcm\local settings\temp\kguXThsO.exe
C:\documents and settings\jcm\local settings\temp\bE5.exe
C:\WINDOWS\system32\yqkgsmh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\Bwd0m.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\Bwd0m.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SDC\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\SDC\Local Settings\Temp\D.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [kguXThsO] C:\documents and settings\jcm\local settings\temp\kguXThsO.exe
O4 - HKLM\..\Run: [bE5] C:\documents and settings\jcm\local settings\temp\bE5.exe
O4 - HKLM\..\Run: [596AXSP45W7QZ#] C:\WINDOWS\system32\Azw54.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [ktadwlnoaphu] C:\WINDOWS\system32\yqkgsmh.exe
O4 - HKLM\..\Run: [qF7X36V] atiakcoi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094170669594
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37883.9448958333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sietec.local
O17 - HKLM\Software\..\Telephony: DomainName = sietec.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B21AC72-CFDB-45A0-B248-F6AEF5FEEE2C}: NameServer = 10.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sietec.local

Comments

  • SpywareShooter
    edited September 2004
    Welcome to Short Media forums.

    Before doing the following, please set your computer to show hidden files and folders, disable System Restore, and reboot in Safe Mode.

    Once you have done that, Run HijackThis and have it fix the following:

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com
    O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\SDC\Local Settings\Temp\D.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [kguXThsO] C:\documents and settings\jcm\local settings\temp\kguXThsO.exe
    O4 - HKLM\..\Run: [bE5] C:\documents and settings\jcm\local settings\temp\bE5.exe
    O4 - HKLM\..\Run: [596AXSP45W7QZ#] C:\WINDOWS\system32\Azw54.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [ktadwlnoaphu] C:\WINDOWS\system32\yqkgsmh.exe
    O4 - HKLM\..\Run: [qF7X36V] atiakcoi.exe
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v5.cab

    Then find and locate the files listed above and quarantine them.

    Once you have done that, reboot, scan with HijackThis again, and post a new log.
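As an added triage example (not part of this thread and not HijackThis's own logic), the script below parses the O2/O3/O4 lines seen in these logs and flags the kinds of entries the reply above told the poster to fix: components loading from a user's Temp folder, Run values naming a bare executable with no path, and registered components whose file is gone. The sample lines are copied from the log posted above; the rule set is this example's assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, copied from lines of the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\SDC\Local Settings\Temp\D.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [bE5] C:\documents and settings\jcm\local settings\temp\bE5.exe
O4 - HKLM\..\Run: [qF7X36V] atiakcoi.exe
"""

# O2/O3 lines: "<section> - BHO|Toolbar: <name> - {CLSID} - <file>"
BHO_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(O4) - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")

@dataclass
class Entry:
    section: str
    name: str
    target: str                      # file path or command line as written in the log
    flags: list = field(default_factory=list)

def parse_line(line):
    """Turn one O2/O3/O4 log line into an Entry; lines from other sections give None."""
    if m := BHO_RE.match(line):
        return Entry(m.group(1), m.group(2), m.group(4))
    if m := RUN_RE.match(line):
        return Entry(m.group(1), m.group(3), m.group(4))
    return None

def triage(entry):
    """Attach review reasons (heuristics chosen for this example; each is a prompt to look, not proof)."""
    target = entry.target.lower()
    first = target.split(" ")[0]     # executable token before any arguments
    if "\\local settings\\temp\\" in target:
        entry.flags.append("loads from a user Temp folder")
    if entry.section == "O4" and "\\" not in first:
        entry.flags.append("bare filename, resolved through the search path")
    if target == "(no file)":
        entry.flags.append("registered component whose file is gone")
    return entry

def review(log_text):
    """Return, in log order, the parsed entries that carry at least one review flag."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section} [{e.name}] {e.target}: {'; '.join(e.flags)}")
```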
  • edited September 2004
    THANK YOU!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\PhatNoise Music Manager\PNAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\WINDOWS\system32\Weg6t.exe
    C:\WINDOWS\system32\CerHP4.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Documents and Settings\SDC\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [596AXSP45W7QZ#] C:\WINDOWS\system32\Yfk8.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094170669594
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37883.9448958333
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sietec.local
    O17 - HKLM\Software\..\Telephony: DomainName = sietec.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B21AC72-CFDB-45A0-B248-F6AEF5FEEE2C}: NameServer = 10.1.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sietec.local
  • SpywareShooter
    edited September 2004
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [596AXSP45W7QZ#] C:\WINDOWS\system32\Yfk8.exe

    Fix those, then find and delete Yfk8.exe. Reboot and post a new log.