We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Roslan Hijackthis thread
Browntoa
Posts: 49,612 Forumite
in Techie Stuff
Logfile of HijackThis v1.99.0
Scan saved at 7:32:37 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\backup\MyDownloadFiles\hijackthis.exe\HijackThi s.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winzy.com/sweepstakes.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://winzy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://winzy.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=LOCALHOST:12080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - !!02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Yahoo! IE Suggest - !!5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - !!724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - !!0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &RoboForm - !!724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Email It - C:\Program Files\QuickSend\quicksend.html
O8 - Extra context menu item: Clear Fields - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Passcards Editor - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: LWA - Add - !!4540C790-267C-4C9C-B95F-D7D0C92B392F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Identities - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: LWA - Load - !!849EC117-49C9-4932-9C0C-C15DA8DB3BB9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.clickiq.com
O15 - Trusted Zone: http://www.dell.com
O15 - Trusted Zone: http://*.electric-blue-clicks.com
O15 - Trusted Zone: http://www.gamebonus.com
O15 - Trusted Zone: www.iqportal.com
O15 - Trusted Zone: http://www.jcoc.net
O15 - Trusted Zone: http://*.king.com
O15 - Trusted Zone: www.pineconeresearch.com
O15 - Trusted Zone: www1.pineconeresearch.com
O15 - Trusted Zone: www2.pineconeresearch.com
O15 - Trusted Zone: www.reflexis.com
O15 - Trusted Zone: http://skill.skilljam.com
O15 - Trusted Zone: http://www.ts25.com
O15 - Trusted Zone: http://www.valuedopinions.com
O15 - Trusted Zone: http://www.winzy.com
O15 - Trusted Zone: *.youtube.com
O16 - DPF: !!02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: !!1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: !!2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Config/CSetup_xp.cab
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: !!49937C71-B31C-4EE4-8096-9C935DE005C9} (GBTripeak Control) - http://www.gamebonus.com/dngame/gbtripeak.cab
O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: !!50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: !!54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://gemal.dk/browserspy/capicom.dll
O16 - DPF: !!5C882F0B-967C-4151-980D-B18E711B03B2} (GBBlitz Control) - http://www.gamebonus.com/dngame/gbblitz.cab
O16 - DPF: !!615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: !!62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49.../blockwerx.cab
O16 - DPF: !!651E822E-364A-4BA2-A5FE-F753CE421884} (GBWordDrop Control) - http://www.gamebonus.com/dngame/gbworddrop.cab
O16 - DPF: !!6944D0ED-F974-40CC-AE94-5A6ABAA2557A} (GBSolitaire Control) - http://www.gamebonus.com/dngame/gbsolitaire.cab
O16 - DPF: !!8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesui...ot/BotCtrl.cab
O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: !!93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesui...le/dcainst.cab
O16 - DPF: !!94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46...o/wordmojo.cab
O16 - DPF: !!9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...ty/Coupons.cab
O16 - DPF: !!97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: !!9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {AAB73FA7-2F0D-4750-B86C-A12FF5EE53F0} (GBBlitz2 Control) - http://www.gamebonus.com/dngame/gbblitz2.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab
O16 - DPF: {B87F4CF3-FC0E-45FB-8564-30F3F1F7A7C7} (GBMahJongSolitaire Control) - http://www.gamebonus.com/dngame/gbmahjongsolitaire.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CA00913E-FA18-47DC-8AF7-5797E160ABB8} (GBMunchnMatchOCX New Control) - http://www.gamebonus.com/dngame/gbmunchnmatch2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/even...207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44...ol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F7FAB51C-5552-440E-A957-63A542100824} (GBEliminati Control) - http://www.gamebonus.com/dngame/gbeliminate.cab
O16 - DPF: {F966DD44-E369-4390-A801-19D225BEB129} (GBScramble Control) - http://www.gamebonus.com/dngame/gbscramble.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - !!3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan saved at 7:32:37 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\backup\MyDownloadFiles\hijackthis.exe\HijackThi s.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winzy.com/sweepstakes.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://winzy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://winzy.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=LOCALHOST:12080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - !!02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Yahoo! IE Suggest - !!5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - !!724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - !!0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &RoboForm - !!724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Email It - C:\Program Files\QuickSend\quicksend.html
O8 - Extra context menu item: Clear Fields - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Passcards Editor - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: LWA - Add - !!4540C790-267C-4C9C-B95F-D7D0C92B392F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Identities - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL="file:///C:/Program"]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: LWA - Load - !!849EC117-49C9-4932-9C0C-C15DA8DB3BB9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.clickiq.com
O15 - Trusted Zone: http://www.dell.com
O15 - Trusted Zone: http://*.electric-blue-clicks.com
O15 - Trusted Zone: http://www.gamebonus.com
O15 - Trusted Zone: www.iqportal.com
O15 - Trusted Zone: http://www.jcoc.net
O15 - Trusted Zone: http://*.king.com
O15 - Trusted Zone: www.pineconeresearch.com
O15 - Trusted Zone: www1.pineconeresearch.com
O15 - Trusted Zone: www2.pineconeresearch.com
O15 - Trusted Zone: www.reflexis.com
O15 - Trusted Zone: http://skill.skilljam.com
O15 - Trusted Zone: http://www.ts25.com
O15 - Trusted Zone: http://www.valuedopinions.com
O15 - Trusted Zone: http://www.winzy.com
O15 - Trusted Zone: *.youtube.com
O16 - DPF: !!02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: !!1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: !!2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Config/CSetup_xp.cab
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: !!49937C71-B31C-4EE4-8096-9C935DE005C9} (GBTripeak Control) - http://www.gamebonus.com/dngame/gbtripeak.cab
O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: !!50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: !!54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://gemal.dk/browserspy/capicom.dll
O16 - DPF: !!5C882F0B-967C-4151-980D-B18E711B03B2} (GBBlitz Control) - http://www.gamebonus.com/dngame/gbblitz.cab
O16 - DPF: !!615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: !!62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49.../blockwerx.cab
O16 - DPF: !!651E822E-364A-4BA2-A5FE-F753CE421884} (GBWordDrop Control) - http://www.gamebonus.com/dngame/gbworddrop.cab
O16 - DPF: !!6944D0ED-F974-40CC-AE94-5A6ABAA2557A} (GBSolitaire Control) - http://www.gamebonus.com/dngame/gbsolitaire.cab
O16 - DPF: !!8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesui...ot/BotCtrl.cab
O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: !!93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesui...le/dcainst.cab
O16 - DPF: !!94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46...o/wordmojo.cab
O16 - DPF: !!9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...ty/Coupons.cab
O16 - DPF: !!97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: !!9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {AAB73FA7-2F0D-4750-B86C-A12FF5EE53F0} (GBBlitz2 Control) - http://www.gamebonus.com/dngame/gbblitz2.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab
O16 - DPF: {B87F4CF3-FC0E-45FB-8564-30F3F1F7A7C7} (GBMahJongSolitaire Control) - http://www.gamebonus.com/dngame/gbmahjongsolitaire.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CA00913E-FA18-47DC-8AF7-5797E160ABB8} (GBMunchnMatchOCX New Control) - http://www.gamebonus.com/dngame/gbmunchnmatch2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/even...207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44...ol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F7FAB51C-5552-440E-A957-63A542100824} (GBEliminati Control) - http://www.gamebonus.com/dngame/gbeliminate.cab
O16 - DPF: {F966DD44-E369-4390-A801-19D225BEB129} (GBScramble Control) - http://www.gamebonus.com/dngame/gbscramble.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - !!3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ex forum ambassador
Long term forum member
Long term forum member
0
Comments
-
-
download and run
- Download combofix.exe to your desktop.
- Double click on combofix.exe & follow the prompts.
- When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Ex forum ambassador
Long term forum member0 -
Ex forum ambassador
Long term forum member0 -
then post a new hijackthis log for me to look at
to save confusion please only follow my instructions on waht to remove/installEx forum ambassador
Long term forum member0 -
LSPFix- no problems found
Logfile of HijackThis v1.99.1
Scan saved at 6:45:12 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\UNZIPW~1\unzipwiz.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winzy.com/sweepstakes.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://winzy.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=LOCALHOST:12080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - !!02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Yahoo! IE Suggest - !!5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - !!724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - !!0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &RoboForm - !!724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Email It - C:\Program Files\QuickSend\quicksend.html
O8 - Extra context menu item: Clear Fields - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Passcards Editor - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: LWA - Add - !!4540C790-267C-4C9C-B95F-D7D0C92B392F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Identities - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: LWA - Load - !!849EC117-49C9-4932-9C0C-C15DA8DB3BB9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.clickiq.com
O15 - Trusted Zone: http://www.dell.com
O15 - Trusted Zone: http://*.electric-blue-clicks.com
O15 - Trusted Zone: http://www.gamebonus.com
O15 - Trusted Zone: www.iqportal.com
O15 - Trusted Zone: http://www.jcoc.net
O15 - Trusted Zone: http://*.king.com
O15 - Trusted Zone: www.pineconeresearch.com
O15 - Trusted Zone: www1.pineconeresearch.com
O15 - Trusted Zone: www2.pineconeresearch.com
O15 - Trusted Zone: www.reflexis.com
O15 - Trusted Zone: http://skill.skilljam.com
O15 - Trusted Zone: http://www.ts25.com
O15 - Trusted Zone: http://www.valuedopinions.com
O15 - Trusted Zone: http://*.valuedopinions.com
O15 - Trusted Zone: http://www.winzy.com
O15 - Trusted Zone: *.youtube.com
O16 - DPF: !!02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: !!1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: !!2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Config/CSetup_xp.cab
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: !!49937C71-B31C-4EE4-8096-9C935DE005C9} (GBTripeak Control) - http://www.gamebonus.com/dngame/gbtripeak.cab
O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: !!50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: !!54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://gemal.dk/browserspy/capicom.dll
O16 - DPF: !!5C882F0B-967C-4151-980D-B18E711B03B2} (GBBlitz Control) - http://www.gamebonus.com/dngame/gbblitz.cab
O16 - DPF: !!615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: !!62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: !!651E822E-364A-4BA2-A5FE-F753CE421884} (GBWordDrop Control) - http://www.gamebonus.com/dngame/gbworddrop.cab
O16 - DPF: !!6944D0ED-F974-40CC-AE94-5A6ABAA2557A} (GBSolitaire Control) - http://www.gamebonus.com/dngame/gbsolitaire.cab
O16 - DPF: !!8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesuite.net/bot/BotCtrl.cab
O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: !!93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
O16 - DPF: !!94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: !!9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/NaturesBounty/Coupons.cab
O16 - DPF: !!97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: !!9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AAB73FA7-2F0D-4750-B86C-A12FF5EE53F0} (GBBlitz2 Control) - http://www.gamebonus.com/dngame/gbblitz2.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B87F4CF3-FC0E-45FB-8564-30F3F1F7A7C7} (GBMahJongSolitaire Control) - http://www.gamebonus.com/dngame/gbmahjongsolitaire.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CA00913E-FA18-47DC-8AF7-5797E160ABB8} (GBMunchnMatchOCX New Control) - http://www.gamebonus.com/dngame/gbmunchnmatch2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F7FAB51C-5552-440E-A957-63A542100824} (GBEliminati Control) - http://www.gamebonus.com/dngame/gbeliminate.cab
O16 - DPF: {F966DD44-E369-4390-A801-19D225BEB129} (GBScramble Control) - http://www.gamebonus.com/dngame/gbscramble.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - !!3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I'll send the other in another reply, too long.0 -
"Owner" - 2007-07-14 18:29:25 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))
2007-07-14 08:05 51,200 --a
C:\WINDOWS\nircmd.exe
2007-07-11 22:05 <DIR> d
C:\Program Files\AvaFind
2007-07-11 22:05 <DIR> d
C:\DOCUME~1\Owner\APPLIC~1\AvaFind Data
2007-07-11 21:15 46 --a
C:\WINDOWS\system32\DonationCoder_processtamer_InstallInfo.dat
2007-07-11 21:15 <DIR> d
C:\Program Files\ProcessTamer
2007-07-11 16:08 <DIR> d
C:\Program Files\XoftSpySE
2007-07-10 09:18 <DIR> d
C:\Program Files\WebMediaPlayer
2007-07-09 20:10 <DIR> d
C:\Program Files\Windows Defender
2007-07-07 21:24 258,048 --a
C:\Program Files\Window`s In A Box.exe
2007-07-06 13:49 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-05 22:30 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-05 22:30 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-07-05 22:29 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-07-05 22:28 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-07-03 09:18 <DIR> d----c--- C:\WLID Client Sample
2007-07-03 08:39 83,552 --a
C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-07-03 08:39 46,112 --a
C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-07-01 18:09 <DIR> d
C:\Program Files\iPod
2007-07-01 18:06 <DIR> d
C:\Program Files\Common Files\Apple
2007-07-01 18:06 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 11:59 292,583 --a--c--- C:\EasyRead15.exe
2007-07-01 11:39 <DIR> d
C:\Program Files\stickies
2007-07-01 11:39 <DIR> d
C:\DOCUME~1\Owner\APPLIC~1\stickies
2007-06-28 19:46 1,591,808 --a--c--- C:\Install FreeRAM XP Pro 1.52.exe
2007-06-28 18:11 7,424 --a
C:\WINDOWS\system32\drivers\portd2k.sys
2007-06-28 18:11 27,648 --a
C:\WINDOWS\system32\BBUninstall.exe
2007-06-28 18:11 <DIR> d
C:\Program Files\CMS Products
2007-06-27 13:20 <DIR> d
C:\WINDOWS\system32\SoftwareDistribution
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-14 19:27:40 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-07-14 16:51:44
d
w C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-07-14 09:10:02
d
w C:\Program Files\LogMeIn
2007-07-14 03:19:35
d
w C:\DOCUME~1\Owner\APPLIC~1\WholeSecurity
2007-07-13 14:57:59
d
w C:\Program Files\OpenOffice.org 2.2
2007-07-13 13:29:37
d
w C:\DOCUME~1\Owner\APPLIC~1\SiteAdvisor
2007-07-13 12:22:45
d
w C:\Program Files\QuickTime
2007-07-13 12:15:10
d
w C:\Program Files\Apple Software Update
2007-07-13 09:08:09
d
w C:\DOCUME~1\Owner\APPLIC~1\PreCast
2007-07-13 08:34:45
d
w C:\Program Files\Picasa2
2007-07-07 22:39:30
d
w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-06 17:47:45
d
w C:\Program Files\Yahoo!
2007-07-06 04:40:17
d
w C:\DOCUME~1\Owner\APPLIC~1\wsInspector
2007-07-06 02:29:07 201 -c--a-w C:\WINDOWS\nsreg.dat
2007-07-04 13:32:47
d
w C:\Program Files\PCPitstop
2007-07-02 13:16:44 4,212 -c-h--w C:\WINDOWS\system32\zllictbl.dat
2007-07-01 22:09:16
d
w C:\Program Files\iTunes
2007-06-30 16:01:22
d
w C:\Program Files\Dell AIO Printer A920
2007-06-28 23:34:46
d
w C:\Program Files\SpywareBlaster
2007-06-28 23:32:40
d
w C:\Program Files\CCleaner
2007-06-28 22:11:51
d--h--w C:\Program Files\InstallShield Installation Information
2007-06-27 17:21:27
d--h--w C:\Program Files\WindowsUpdate
2007-06-12 03:10:49
d
w C:\Program Files\RegCure
2007-06-11 12:30:05
d
w C:\Program Files\Google
2007-06-11 11:37:46
d
w C:\Program Files\Unzip Wizard
2007-06-11 00:53:20
d
w C:\Program Files\Microsoft Calculator Plus
2007-06-08 18:48:06
d
w C:\Program Files\Games
2007-05-25 19:22:10 26,176 -c--a-w C:\WINDOWS\system32\LMIport.dll
2007-05-25 19:22:08 10,304 -c--a-w C:\WINDOWS\system32\LMImirr2.dll
2007-05-25 19:22:06 24,000 -c--a-w C:\WINDOWS\system32\LMImirr.dll
2007-05-25 19:22:04 63,040 -c--a-w C:\WINDOWS\system32\LMIinit.dll
2007-05-22 23:14:58 8,784 ----a-w C:\WINDOWS\system32\ractrlkeyhook.dll
2007-05-22 02:52:51
d
w C:\DOCUME~1\Owner\APPLIC~1\Real
2007-05-22 02:43:49
d
w C:\Program Files\Common Files\xing shared
2007-05-22 02:43:41
d
w C:\Program Files\Common Files\Real
2007-05-18 17:44:07
d
w C:\Program Files\PayPal
2007-05-16 20:15:01
d
w C:\Program Files\OpenExpert
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-26 00:08:47 262,240 ----a-w C:\WINDOWS\system32\MILiveDownload3.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2005-11-07 14:38:38 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2003-08-04 22:09:20 3,394
w C:\Program Files\main.txt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!02478D38-C3F9-4efb-9B51-7695ECA05670}]
2007-05-30 17:18 808472 --a
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 11:41 1099304 --a
C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
2007-02-23 19:04 140840 --a
C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:33 198136 --a
C:\Program Files\Yahoo!\Common\yiesrvc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!724d43a9-0d85-11d4-9908-00400523e39a}]
2007-06-08 08:45 5600312 --a--c--- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
2006-04-20 11:54 77824 --a
C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-20 09:44]
"StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [2005-11-09 10:23]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]
"SpamBully 3 for Outlook Express"="C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" [2005-09-01 05:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoClose"=0 (0x0)
"MaxRecentDocs"=99 (0x63)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll --a--c--- 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
backup=C:\WINDOWS\pss\PreCast Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedUpMyPC.lnk]
backup=C:\WINDOWS\pss\SpeedUpMyPC.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MySurvey Messenger.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stickies.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stickies.lnk
backup=C:\WINDOWS\pss\Stickies.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Antispam Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
"C:\Program Files\AvaFind\AvaFind.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Consumer Input Rewarded with MyPoints, Consumer Input]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Consumer Input Rewarded with MyPoints, Consumer Input Update]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoAdware3]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBully 3 for Outlook Express]
"C:\PROGRAM FILES\AXAWARE\SPAM BULLY 3 FOR OE\SB3OE.EXE" install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartFoxie]
C:\Program Files\Foxie Suite\StartFoxie.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Survey Alert Manager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"vsmon"=3 (0x3)
"CAISafe"=3 (0x3)
"AdobeActiveFileMonitor"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegistryMechanic"=
Contents of the 'Scheduled Tasks' folder
2007-07-13 12:15:28 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-14 12:28:00 C:\WINDOWS\tasks\Disk Cleanup.job
2007-07-14 15:36:07 C:\WINDOWS\tasks\Email Guardian Backups.job
2007-07-14 16:52:55 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-14 16:18:15 C:\WINDOWS\tasks\User_Feed_Synchronization-!!260F4DD6-2F0F-4BFD-8923-FB2CE63AC87F}.job
2007-07-14 21:00:01 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-14 12:13:42 C:\WINDOWS\tasks\XoftSpySE.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 18:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-14 18:32:49
C:\ComboFix-quarantined-files.txt ... 2007-07-14 18:32
C:\ComboFix2.txt ... 2007-07-14 08:19
--- E O F ---0 -
LSPfix has cured this for you
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
which is MUCH better !! , they should not have been thereEx forum ambassador
Long term forum member0 -
you need to run hijackthis again and put a tick against these items
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Yahoo! IE Suggest - !!5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: !!9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...ty/Coupons.cab
then click on the Fix Checked buttonEx forum ambassador
Long term forum member0 -
then to be sure , download and run this , do a Full scan
http://www.superantispyware.com/superantispywarefreevspro.html
you want the Blue button for the free version
it may ask you to reboot at the end, do soEx forum ambassador
Long term forum member0 -
I am running the scan now, did all you suggested. Could this problem be what is causing my mouse to move erratically?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.3K Banking & Borrowing
- 253.7K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.3K Work, Benefits & Business
- 601.1K Mortgages, Homes & Bills
- 177.6K Life & Family
- 259.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards