Options
ADS 345 Removal
I would sincerely appreciate help getting rid of ADS 345. It did one good thing - it convinced me to switch to FireFox. However, I still need to use IE to access one site associated with my job. ADS 345 gets in the way of me getting to that one site. I have run both SpyBot and AdAware. It appears ADS345 has infected several users on my computer.
Here is the HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 10:06:01 PM, on 1/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\eElx7BPA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\Iqq.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Xhrmy.exe
C:\documents and settings\alan\local settings\temp\CIVh9w.exe
C:\documents and settings\alan\local settings\temp\lw.exe
C:\documents and settings\alan\local settings\temp\iq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.lycos.com/default.asp?esi=1&data=XtpejfSDfFXuIO2q2yOmAAbq0Fdx7W8-pGqDpSLBZzK-MU0e0SJ-J2vb728bldjn-PVG6kpVq9fz7qI_mf_RZ5ybEav8EZLxVojb-M5FchdtiM8ebM3sErHxlRpJWbdlKJag8T4fymMuuPQoe1OMhzJ2xugwny0Ns8t3YZiK4C62DHIYXjuN0_s6b7iMHo_G5vAqwRLBG71uA2tPf_SdF3jcAwkjDglXBocNlaIbrwi2rw9sHx1nFQhgs-K0hKC7J7aLnq7YToSlYYkm-YutaLr8fSDpffcxZYke4x5fOCVMckOUdCGZyI38b_eI3nhrwwPl5gCUUNTm_kN-SlKi74CgLcoOHRKdAA
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Merriam-Webster - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E28988F2-654D-18C6-6B01-6AB35E980A93} - C:\WINDOWS\system32\xrbwimij.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Alan\Local Settings\Temp\CzWU.dll
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [da4nc] C:\docume~1\bryce\locals~1\temp\da4nc.exe
O4 - HKLM\..\Run: [xl0D] C:\docume~1\bryce\locals~1\temp\xl0D.exe
O4 - HKLM\..\Run: [tgO] C:\documents and settings\alan\local settings\temp\tgO.exe
O4 - HKLM\..\Run: [Lkb] C:\documents and settings\kate\local settings\temp\Lkb.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [eElx7BPA] C:\windows\eElx7BPA.exe
O4 - HKLM\..\Run: [vO] C:\windows\vO.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iqq] C:\windows\Iqq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [66VQM0FVb] C:\documents and settings\bryce\local settings\temp\66VQM0FVb.exe
O4 - HKLM\..\Run: [ELPWR] C:\documents and settings\bryce\local settings\temp\ELPWR.exe
O4 - HKLM\..\Run: [9ck0H9tnR] C:\documents and settings\bryce\local settings\temp\9ck0H9tnR.exe
O4 - HKLM\..\Run: [Bqhrlm2] C:\documents and settings\kate\local settings\temp\Bqhrlm2.exe
O4 - HKLM\..\Run: [9In] C:\documents and settings\kate\local settings\temp\9In.exe
O4 - HKLM\..\Run: [jB9e] C:\documents and settings\kate\local settings\temp\jB9e.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [CIVh9w] C:\documents and settings\alan\local settings\temp\CIVh9w.exe
O4 - HKLM\..\Run: [lw] C:\documents and settings\alan\local settings\temp\lw.exe
O4 - HKLM\..\Run: [iq] C:\documents and settings\alan\local settings\temp\iq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Billminder.lnk = C:\Program Files\quicken\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: eCrew Delta Technology V13100 - http://10.1.44.53/classes/cst/eCrew13100.cab
O16 - DPF: eCrew Delta Technology V13112 - http://10.1.44.53/classes/cst/eCrew13112.cab
O16 - DPF: eCrew Delta Technology V1333 - http://10.1.44.53/classes/cst/eCrew1333.cab
O16 - DPF: eCrew Delta Technology V1361 - http://10.1.44.53/classes/cst/eCrew1361.cab
O16 - DPF: eCrew Delta Technology V1372 - http://10.1.44.53/classes/cst/eCrew1372.cab
O16 - DPF: eCrew Delta Technology V1381 - http://10.1.44.53/classes/cst/eCrew1381.cab
O16 - DPF: eCrew Delta Technology V1397 - http://10.1.44.53/classes/cst/eCrew1397.cab
O16 - DPF: eCrew Delta Technology V1410 - http://10.1.44.53/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V14141 - http://ecrew.delta-air.com/eCrew14141.cab
O16 - DPF: eCrew Delta Technology V14169 - http://ecrew.delta-air.com/eCrew14169.cab
O16 - DPF: eCrew Delta Technology V1472 - http://ecrew.delta-air.com/eCrew1472.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/257bae80c7b366706a00/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.58-deleon/GoogleNav.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://images.ancestry.com/asfiles/files/install/MFImgVwr.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/generic/wtwdinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D8F595EF-81B1-47A5-8CC4-F7DA44B5FF64} (ImagePreview Class) - http://images.ancestry.com/asfiles/files/install/MFImgVwr.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.m-w.com/tools/toolbar/cabs/m-w.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Here is the HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 10:06:01 PM, on 1/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\eElx7BPA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\Iqq.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Xhrmy.exe
C:\documents and settings\alan\local settings\temp\CIVh9w.exe
C:\documents and settings\alan\local settings\temp\lw.exe
C:\documents and settings\alan\local settings\temp\iq.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.lycos.com/default.asp?esi=1&data=XtpejfSDfFXuIO2q2yOmAAbq0Fdx7W8-pGqDpSLBZzK-MU0e0SJ-J2vb728bldjn-PVG6kpVq9fz7qI_mf_RZ5ybEav8EZLxVojb-M5FchdtiM8ebM3sErHxlRpJWbdlKJag8T4fymMuuPQoe1OMhzJ2xugwny0Ns8t3YZiK4C62DHIYXjuN0_s6b7iMHo_G5vAqwRLBG71uA2tPf_SdF3jcAwkjDglXBocNlaIbrwi2rw9sHx1nFQhgs-K0hKC7J7aLnq7YToSlYYkm-YutaLr8fSDpffcxZYke4x5fOCVMckOUdCGZyI38b_eI3nhrwwPl5gCUUNTm_kN-SlKi74CgLcoOHRKdAA
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Merriam-Webster - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E28988F2-654D-18C6-6B01-6AB35E980A93} - C:\WINDOWS\system32\xrbwimij.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Alan\Local Settings\Temp\CzWU.dll
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [da4nc] C:\docume~1\bryce\locals~1\temp\da4nc.exe
O4 - HKLM\..\Run: [xl0D] C:\docume~1\bryce\locals~1\temp\xl0D.exe
O4 - HKLM\..\Run: [tgO] C:\documents and settings\alan\local settings\temp\tgO.exe
O4 - HKLM\..\Run: [Lkb] C:\documents and settings\kate\local settings\temp\Lkb.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [eElx7BPA] C:\windows\eElx7BPA.exe
O4 - HKLM\..\Run: [vO] C:\windows\vO.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iqq] C:\windows\Iqq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [66VQM0FVb] C:\documents and settings\bryce\local settings\temp\66VQM0FVb.exe
O4 - HKLM\..\Run: [ELPWR] C:\documents and settings\bryce\local settings\temp\ELPWR.exe
O4 - HKLM\..\Run: [9ck0H9tnR] C:\documents and settings\bryce\local settings\temp\9ck0H9tnR.exe
O4 - HKLM\..\Run: [Bqhrlm2] C:\documents and settings\kate\local settings\temp\Bqhrlm2.exe
O4 - HKLM\..\Run: [9In] C:\documents and settings\kate\local settings\temp\9In.exe
O4 - HKLM\..\Run: [jB9e] C:\documents and settings\kate\local settings\temp\jB9e.exe
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [CIVh9w] C:\documents and settings\alan\local settings\temp\CIVh9w.exe
O4 - HKLM\..\Run: [lw] C:\documents and settings\alan\local settings\temp\lw.exe
O4 - HKLM\..\Run: [iq] C:\documents and settings\alan\local settings\temp\iq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Billminder.lnk = C:\Program Files\quicken\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\Downloaded Program Files\m-wtoolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: eCrew Delta Technology V13100 - http://10.1.44.53/classes/cst/eCrew13100.cab
O16 - DPF: eCrew Delta Technology V13112 - http://10.1.44.53/classes/cst/eCrew13112.cab
O16 - DPF: eCrew Delta Technology V1333 - http://10.1.44.53/classes/cst/eCrew1333.cab
O16 - DPF: eCrew Delta Technology V1361 - http://10.1.44.53/classes/cst/eCrew1361.cab
O16 - DPF: eCrew Delta Technology V1372 - http://10.1.44.53/classes/cst/eCrew1372.cab
O16 - DPF: eCrew Delta Technology V1381 - http://10.1.44.53/classes/cst/eCrew1381.cab
O16 - DPF: eCrew Delta Technology V1397 - http://10.1.44.53/classes/cst/eCrew1397.cab
O16 - DPF: eCrew Delta Technology V1410 - http://10.1.44.53/classes/cst/eCrew1410.cab
O16 - DPF: eCrew Delta Technology V14120 - http://ecrew.delta-air.com/eCrew14120.cab
O16 - DPF: eCrew Delta Technology V14141 - http://ecrew.delta-air.com/eCrew14141.cab
O16 - DPF: eCrew Delta Technology V14169 - http://ecrew.delta-air.com/eCrew14169.cab
O16 - DPF: eCrew Delta Technology V1472 - http://ecrew.delta-air.com/eCrew1472.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/257bae80c7b366706a00/netzip/RdxIE601.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.58-deleon/GoogleNav.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://images.ancestry.com/asfiles/files/install/MFImgVwr.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/generic/wtwdinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D8F595EF-81B1-47A5-8CC4-F7DA44B5FF64} (ImagePreview Class) - http://images.ancestry.com/asfiles/files/install/MFImgVwr.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.m-w.com/tools/toolbar/cabs/m-w.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0