Options

problem..please help, hjt log here

Unknown
edited January 2006 in Spyware & Virus Removal
obviously i am very careless with the internet. my main problem is constant illegal operations from startup. i ran ad-aware and spybot and it finds problems but some are still there. any help is appreciated.

here's the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 1:47:32 AM, on 3/26/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\D3DH32.EXE
C:\WINDOWS\SYSTEM\IEKW32.EXE
C:\WINDOWS\WINSZ32.EXE
C:\WINDOWS\SYSTEM\D3FC32.EXE
C:\WINDOWS\WINLX.EXE
C:\WINDOWS\SYSTEM\APIID32.EXE
C:\WINDOWS\APINW32.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\WINIA32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CSAFE\AUTOCHK.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\SMC\SMC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
C:\PROGRAM FILES\ESPNRUNTIME\DIGSERVICES.EXE
C:\WINDOWS\CRUO.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\IBMTOOLS\REGISTER\REMIND.EXE
C:\WINDOWS\APINW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\IPVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\IPVR.EXE
C:\WINDOWS\SYSTEM\SYSCB32.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\IERY32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSCB32.EXE
C:\WINDOWS\ADDLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\ADDLT.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
O2 - BHO: Class - {CEB7A934-455A-7E33-2094-37FDFB344D3A} - C:\WINDOWS\SYSTEM\JAVARB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ADDWD.EXE] C:\WINDOWS\ADDWD.EXE
O4 - HKLM\..\Run: [CRUO.EXE] C:\WINDOWS\CRUO.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\private.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [D3DH32.EXE] C:\WINDOWS\SYSTEM\D3DH32.EXE /s
O4 - HKLM\..\RunServices: [IEKW32.EXE] C:\WINDOWS\SYSTEM\IEKW32.EXE /s
O4 - HKLM\..\RunServices: [WINSZ32.EXE] C:\WINDOWS\WINSZ32.EXE /s
O4 - HKLM\..\RunServices: [D3FC32.EXE] C:\WINDOWS\SYSTEM\D3FC32.EXE /s
O4 - HKLM\..\RunServices: [WINLX.EXE] C:\WINDOWS\WINLX.EXE /s
O4 - HKLM\..\RunServices: [APIID32.EXE] C:\WINDOWS\SYSTEM\APIID32.EXE /s
O4 - HKLM\..\RunServices: [APINW32.EXE] C:\WINDOWS\APINW32.EXE /s
O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
O4 - HKLM\..\RunServices: [WINIA32.EXE] C:\WINDOWS\WINIA32.EXE /s
O4 - HKLM\..\RunServices: [SYSCB32.EXE] C:\WINDOWS\SYSTEM\SYSCB32.EXE /s
O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\IERY32.EXE /s
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Reminder.lnk = C:\IBMTOOLS\REGISTER\remind.exe
O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: palstart.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572DFUS
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: FCNAD - http://www.peoplebot.com/media/fcnad.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.158,85.255.112.220

Comments

  • Mike1901Mike1901
    edited January 2006
    Owch, this looks nasty!

    For now, please do the following (for the last bit, you will have no internet access, so please print or take note of these instructions beforehand):

    Download Spybot S&D from http://security.kolla.de

    Run a full scan, and allow it to fix everything it finds.

    Now, reboot into Safe Mode (keep tapping F8 whilst windows is booting), and run a scan there (again with Spybot). Might be an idea to do a Safe Mode Ad-Aware scan too.

    Still in Safe Mode, launch HJT and fix all of the following if they're still there:

    O4 - HKLM\..\Run: [ADDWD.EXE] C:\WINDOWS\ADDWD.EXE
    O4 - HKLM\..\Run: [CRUO.EXE] C:\WINDOWS\CRUO.EXE
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\private.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [D3DH32.EXE] C:\WINDOWS\SYSTEM\D3DH32.EXE /s
    O4 - HKLM\..\RunServices: [IEKW32.EXE] C:\WINDOWS\SYSTEM\IEKW32.EXE /s
    O4 - HKLM\..\RunServices: [WINSZ32.EXE] C:\WINDOWS\WINSZ32.EXE /s
    O4 - HKLM\..\RunServices: [D3FC32.EXE] C:\WINDOWS\SYSTEM\D3FC32.EXE /s
    O4 - HKLM\..\RunServices: [WINLX.EXE] C:\WINDOWS\WINLX.EXE /s
    O4 - HKLM\..\RunServices: [APIID32.EXE] C:\WINDOWS\SYSTEM\APIID32.EXE /s
    O4 - HKLM\..\RunServices: [APINW32.EXE] C:\WINDOWS\APINW32.EXE /s
    O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
    O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
    O4 - HKLM\..\RunServices: [WINIA32.EXE] C:\WINDOWS\WINIA32.EXE /s
    O4 - HKLM\..\RunServices: [SYSCB32.EXE] C:\WINDOWS\SYSTEM\SYSCB32.EXE /s
    O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\IERY32.EXE /s
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: Reminder.lnk = C:\IBMTOOLS\REGISTER\remind.exe
    O4 - Startup: palstart.exe

    Now reboot into normal mode and post a new log.

    Thanks,

    Mike
  • SpankMAWA
    edited January 2006
    ok, that part is done, here is the new log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:57:48 AM, on 3/28/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\WINLX.EXE
    C:\WINDOWS\IPVR.EXE
    C:\WINDOWS\ADDLT.EXE
    C:\WINDOWS\ATLOZ.EXE
    C:\WINDOWS\APITD.EXE
    C:\WINDOWS\SDKXU.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\CSAFE\AUTOCHK.EXE
    C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\SMC\SMC.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
    C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
    C:\PROGRAM FILES\ESPNRUNTIME\DIGSERVICES.EXE
    C:\WINDOWS\SYSTEM\PRIVATE.EXE
    C:\WINDOWS\CRUO.EXE
    C:\PROGRAM FILES\AIM\AIM.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DPODGROUP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SDKXU.EXE
    C:\WINDOWS\ADDLT.EXE
    C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\IPVR.EXE
    C:\WINDOWS\MSUD32.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\wbpjd.dll/sp.html#11277%resultposition.net
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
    O2 - BHO: Class - {CEB7A934-455A-7E33-2094-37FDFB344D3A} - C:\WINDOWS\SYSTEM\JAVARB.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [{6B7276FF-DEEA-4b9e-8307-93F1D2AB6277}] C:\WINDOWS\DOWNLOADED PROGRAM FILES\FCNAD.EXE
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\private.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [CRUO.EXE] C:\WINDOWS\CRUO.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [WINLX.EXE] C:\WINDOWS\WINLX.EXE /s
    O4 - HKLM\..\RunServices: [IPVR.EXE] C:\WINDOWS\IPVR.EXE /s
    O4 - HKLM\..\RunServices: [ADDLT.EXE] C:\WINDOWS\ADDLT.EXE /s
    O4 - HKLM\..\RunServices: [ATLOZ.EXE] C:\WINDOWS\ATLOZ.EXE /s
    O4 - HKLM\..\RunServices: [APITD.EXE] C:\WINDOWS\APITD.EXE /s
    O4 - HKLM\..\RunServices: [SDKXU.EXE] C:\WINDOWS\SDKXU.EXE /s
    O4 - HKLM\..\RunServices: [MSUD32.EXE] C:\WINDOWS\MSUD32.EXE /s
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [desktop] C:\WINDOWS\SYSTEM\DPODGROUP.EXE
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE
    O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk572DFUS
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: FCNAD - http://www.peoplebot.com/media/fcnad.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.158,85.255.112.220



    thanks for your time
Sign In or Register to comment.