A0159698.exe Virus?? Help

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0159698.exe



I saw this same thing in another thread "A0159698.exe", my mcafee says its a virus but it cant clean it so I need help. I thought something was wrong because my computer just seems so bogged down. I cleaned it up some yesterday, but I need help. A

Any someone could provide would be great!
Thanks

Comments

  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Please, send a hijckthis log, Instructions are Here
  • edited February 2007
    Ok here is the Hijack Log.. I did the other scans as well I will post the resuts from the BitDefender scan next.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:30:56 PM, on 2/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\WINDOWS\system32\ps2.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Adinah Israel
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
    O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\memoptimizer.exe" autostart
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
    O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
    O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
    O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
    O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
    O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
    O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
    O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
    O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
    O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
    O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
    O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
    O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
    O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
    O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
    O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
    O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
    O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
    O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
    O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
    O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
    O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
    O8 - Extra context menu item: RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
    O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
    O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
    O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
    O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
    O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
    O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
    O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
    O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
    O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
    O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126037336046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856517317
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ray2soft3d400 Server (Ray2soft3d400Server) - Unknown owner - C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    BitDefender Online Scanner
    Scan report generated at: Sun, Feb 25, 2007 - 15:16:06

    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf=>[SWF command]

    Infected with: Trojan.SwfDL.A

    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf=>[SWF command]

    Disinfection failed

    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf=>[SWF command]

    Deleted

    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\S5IJ8PUF\xp-cydoor-728[1].swf

    Update failed

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0040

    Infected with: Dropped:Application.Adware.NewDotNet.A

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0040

    Disinfection failed

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0040

    Deleted

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)

    Update failed

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0041

    Infected with: Trojan.Downloader.Swizzor.DO

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0041

    Disinfection failed

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)=>lzma_nsis0041

    Deleted

    C:\Downloads\Contest\Poser6\WarezP2P.exe=>(NSIS o)

    Update failed

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204015C0.exe=>(Quarantine-2)

    Infected with: Trojan.Winad.AE

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204015C0.exe=>(Quarantine-2)

    Disinfection failed

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\204015C0.exe=>(Quarantine-2)

    Deleted

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E378FC.htm=>(Quarantine-2)

    Infected with: JS.Trojan.Downloader.IstBar.M

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E378FC.htm=>(Quarantine-2)

    Disinfection failed

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40E378FC.htm=>(Quarantine-2)

    Deleted

    C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe=>wise0017

    Infected with: Trojan.Downloader.Small.BKE

    C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe=>wise0017

    Disinfection failed

    C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe=>wise0017

    Deleted

    C:\RECYCLER\S-1-5-21-2468146815-3658631442-2080586265-1008\Dc653.exe

    Update failed

    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP577\A0159698.EXE

    Suspected of: BehavesLike:Win32.Malware

    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP577\A0159698.EXE

    Disinfection failed

    C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP577\A0159698.EXE

    Deleted


    Thanks in advance
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    You have multible antivirus programs running.:confused: It cause conflicts against them. Your comp is not in safe.

    Please Choice only one antivirus and one firewall and shutdown anothers. Ensure that they dont start in startup :D

    Send then a fresh hijack log.
  • edited February 2007
    Ok.. I uninstalled AVG

    I didnt see anything else, I just installed AVG to see if it would clean up this mess, and it didnt.... anyway here is the new log...

    Logfile of HijackThis v1.99.1
    Scan saved at 8:53:45 AM, on 2/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Adinah Israel
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
    O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\memoptimizer.exe" autostart
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
    O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
    O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
    O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
    O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
    O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
    O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
    O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
    O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
    O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
    O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
    O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
    O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
    O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
    O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
    O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
    O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
    O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
    O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
    O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
    O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
    O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
    O8 - Extra context menu item: RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
    O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
    O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
    O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
    O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
    O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
    O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
    O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
    O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
    O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
    O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126037336046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856517317
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ray2soft3d400 Server (Ray2soft3d400Server) - Unknown owner - C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    You have MCafee and norton. Ensure those what they are :D


    Please do the following...

    1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        scanavgjk2.jpg
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.
  • edited February 2007
    Ok here are my logs, for some reason AVG would not let me Quarantine everything, yes I did everything you said but for some reason it only let me delete most of the things. Also I tried to do ATF four times, but it kept closing at the end, so I dont know if it really worked.



    Logfile of HijackThis v1.99.1
    Scan saved at 11:15:22 PM, on 2/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Adinah Israel
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
    O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\memoptimizer.exe" autostart
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
    O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
    O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
    O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
    O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
    O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
    O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
    O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
    O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
    O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
    O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
    O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
    O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
    O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
    O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
    O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
    O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
    O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
    O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
    O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
    O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
    O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
    O8 - Extra context menu item: RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
    O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
    O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
    O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
    O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
    O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
    O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
    O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
    O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
    O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
    O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
    O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126037336046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856517317
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
    O16 - DPF: {CFC01863-0CCE-43F6-8790-7A5DC52ABEC0} (VaeCtrl Control Object) - http://www.visviva.com/download/webplug/VaeCtrl.CAB
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ray2soft3d400 Server (Ray2soft3d400Server) - Unknown owner - C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    A V G A n t i - S p y w a r e - S c a n R e p o r t
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    + C r e a t e d a t : 1 0 : 2 3 : 4 2 P M 2 / 2 6 / 2 0 0 7
    + S c a n r e s u l t :
    C : \ W I N D O W S \ G o l d e n P a l a c e C a s i n o P T s e t u p . e x e - > A d w a r e . C a s i n o : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

    C : \ W I N D O W S \ c p b r k p i e . o c x - > A d w a r e . C o u p o n s : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

    C : \ P r o g r a m F i l e s \ D A E M O N T o o l s \ S e t u p D T S B . e x e - > A d w a r e . S a v e N o w : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

    C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ L o c a l S e t t i n g s \ T e m p o r a r y I n t e r n e t F i l e s \ C o n t e n t . I E 5 \ S 5 I J 8 P U F \ x p - c y d o o r - 7 2 8 [ 1 ] . s w f - > N o t - A - V i r u s . H o a x . S W F . A l e r t e r . a : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .

    : m o z i l l a . 1 3 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .

    : m o z i l l a . 1 4 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ 2 o 7 [ 1 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ c n n . 1 2 2 . 2 o 7 [ 1 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ k a b o o s e . 1 1 2 . 2 o 7 [ 1 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d .

    : m o z i l l a . 1 0 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d .

    : m o z i l l a . 1 1 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d .

    : m o z i l l a . 8 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d .

    : m o z i l l a . 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ a d v e r t i s i n g [ 2 ] . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d .

    : m o z i l l a . 1 5 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . A t d m t : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ a t d m t [ 2 ] . t x t - > T r a c k i n g C o o k i e . A t d m t : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ C o o k i e s \ g u e s t @ w w w . b u r s t b e a c o n [ 2 ] . t x t - > T r a c k i n g C o o k i e . B u r s t b e a c o n : C l e a n e d .

    : m o z i l l a . 2 4 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . B u r s t n e t : C l e a n e d .

    : m o z i l l a . 2 5 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . B u r s t n e t : C l e a n e d .

    : m o z i l l a . 2 6 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . B u r s t n e t : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ C o o k i e s \ g u e s t @ b u r s t n e t [ 2 ] . t x t - > T r a c k i n g C o o k i e . B u r s t n e t : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ C o o k i e s \ g u e s t @ w w w . b u r s t n e t [ 1 ] . t x t - > T r a c k i n g C o o k i e . B u r s t n e t : C l e a n e d .

    : m o z i l l a . 1 2 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ N e t s c a p e \ N S B \ P r o f i l e s \ n q p t c v 6 a . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . D o u b l e c l i c k : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ d o u b l e c l i c k [ 1 ] . t x t - > T r a c k i n g C o o k i e . D o u b l e c l i c k : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ f a s t c l i c k [ 2 ] . t x t - > T r a c k i n g C o o k i e . F a s t c l i c k : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ e h g - k a s p e r s k y l a b . h i t b o x [ 2 ] . t x t - > T r a c k i n g C o o k i e . H i t b o x : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ e h g - v i a c o m . h i t b o x [ 1 ] . t x t - > T r a c k i n g C o o k i e . H i t b o x : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ h i t b o x [ 2 ] . t x t - > T r a c k i n g C o o k i e . H i t b o x : C l e a n e d .

    C : \ R E C Y C L E R \ S - 1 - 5 - 2 1 - 1 9 2 8 7 2 5 0 7 2 - 2 3 3 7 3 5 5 6 7 7 - 1 0 1 9 2 3 7 2 - 1 0 0 8 \ D c 1 1 7 8 . t x t - > T r a c k i n g C o o k i e . L i v e p e r s o n : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ m e d i a p l e x [ 1 ] . t x t - > T r a c k i n g C o o k i e . M e d i a p l e x : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ s t a t . o n e s t a t [ 2 ] . t x t - > T r a c k i n g C o o k i e . O n e s t a t : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ a d s . p o i n t r o l l [ 1 ] . t x t - > T r a c k i n g C o o k i e . P o i n t r o l l : C l e a n e d .

    : m o z i l l a . 2 8 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . R e a l : C l e a n e d .

    : m o z i l l a . 2 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . R e a l : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ b s . s e r v i n g - s y s [ 1 ] . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ s e r v i n g - s y s [ 1 ] . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ C o o k i e s \ g u e s t @ a d o p t . s p e c i f i c c l i c k [ 2 ] . t x t - > T r a c k i n g C o o k i e . S p e c i f i c c l i c k : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ A d m i n i s t r a t o r \ C o o k i e s \ a d m i n i s t r a t o r @ s t a t c o u n t e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . S t a t c o u n t e r : C l e a n e d .

    : m o z i l l a . 1 8 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

    : m o z i l l a . 1 9 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

    : m o z i l l a . 2 0 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

    : m o z i l l a . 2 1 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

    : m o z i l l a . 2 2 : C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ t i r d k t 9 t . d e f a u l t \ c o o k i e s . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

    C : \ R E C Y C L E R \ S - 1 - 5 - 2 1 - 1 9 2 8 7 2 5 0 7 2 - 2 3 3 7 3 5 5 6 7 7 - 1 0 1 9 2 3 7 2 - 1 0 0 8 \ D c 1 1 1 8 . t x t - > T r a c k i n g C o o k i e . T a c o d a : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ G u e s t \ C o o k i e s \ g u e s t @ a d . y i e l d m a n a g e r [ 2 ] . t x t - > T r a c k i n g C o o k i e . Y i e l d m a n a g e r : C l e a n e d .

    C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ M y D o c u m e n t s \ d o w n l o a d s \ 3 0 0 _ [ 1 ] . S c r i p t s . l o v e w a r e z . c o m \ 3 0 0 + . S c r i p t s . l o v e w a r e z . c o m \ S c r i p t s \ 2 0 0 + A D D I T I O N A L P H P A N D C G I S C R I P T S . z i p / 2 P H P . z i p / g a l l e r y _ m a k e r _ p r o _ 1 . 5 . z i p / p a t c h . e x e - > T r o j a n . P r o x c r a k . A : C l e a n e d w i t h b a c k u p ( q u a r a n t i n e d ) .
    : R e p o r t e n d
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Scan hijack and check this :

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Close all programs exept hijackthis and click Fix checked.

    Disable system restore : INSTRUCTIONS

    Boot comp.

    Put system restore back.

    Boot again.

    Now it seems to be Clean.
  • edited February 2007
    Ok, I have competed what you said, and it seems to be running a lot better

    Thanks

    Resolved
  • NuppiNuppi South Ostrobothnia (Finland)
    edited February 2007
    Your welcome :D
  • NuppiNuppi South Ostrobothnia (Finland)
    edited March 2007
    Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here
This discussion has been closed.