Tech Support Forum - View Single Post - Popups, errorsafe.com, WinAntiSpyware2006, drivecleaner2006, etc

blotsome · 08-10-2007, 10:30 AM

Ok, first of all, thank you very much for your reply. I'll tell you that what I did last night was look at the about.com help page on reviewing hijackthis logs, and I ended up clicking for hijack this to fix all the 01-hosts listed, and maybe a few other items. However, when I started the computer today, I had spyware worse than ever before. In fact, I got a blue screen of death due to all the programs loading (sorry, didn't record the message). Also, I was locked out of the task manager (ctl - alt - del). On my next reboot (and after unplugging the internet) I was able to restore task manager control with "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" and I forced quit all sorts of junk. I had programs installing on their own (something with the initials BS). Anyway, all that said and done, I was able to get online and read this reply. First time I tried combofix, I got a blue screen saying "KERNAL_STACK_INPAGE_ERROR". I reset the computer and tried again, this time I had errors popping up in the tray saying that "cmd.exe" was corrupt and "explorer.exe" was corrupt in system volume info/_restore.../change.log. Anyway, after a bit, combofix.exe restarted and checkdisk ran, and I was able to get a log report. It is included below, as is the most recent hijack this. Thanks again for your help thusfar.

Combofix log:

ComboFix 07-08-10.8 - "Andrew" 2007-08-10 12:01:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.745 [GMT -4:00]
Command switches used :: /killall

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\Temp\fse
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\opnmjkj.dll
C:\WINDOWS\system32\pmkji.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NET_AGENT
-------\core
-------\DomainService
-------\Net Agent

((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))

2007-08-10 11:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 11:41 75,328 --a------ C:\WINDOWS\system32\ohrchbhm.exe
2007-08-10 11:32 30,770 --a------ C:\WINDOWS\system32\is67718.exe
2007-08-10 11:32 169,147 --a------ C:\WINDOWS\TTC-5555.exe
2007-08-10 11:32 135,168 --a------ C:\WINDOWS\tk68.exe
2007-08-10 11:31 86,056 --a------ C:\WINDOWS\system32\install.exe
2007-08-10 11:31 8,782 --a------ C:\WINDOWS\system32\waverevenue.exe
2007-08-10 11:31 67,584 --a------ C:\WINDOWS\system32\l3acdb.dll
2007-08-10 11:31 115,606 --a------ C:\WINDOWS\system32\skna455101.exe
2007-08-09 12:15 <DIR> d-------- C:\Deckard
2007-08-09 12:11 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-09 12:10 <DIR> d-------- C:\ie-spyad
2007-08-09 11:40 75,328 --a------ C:\WINDOWS\system32\apuuhtya.exe
2007-08-09 11:06 <DIR> d-------- C:\hijackthis
2007-08-03 12:57 <DIR> d-------- C:\Program Files\CDCheck
2007-07-20 14:27 <DIR> d-------- C:\Program Files\CKM

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 11:55 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-10 11:32 639 --a------ C:\WINDOWS\system32\drivers\star.gif
2007-08-10 11:32 550 --a------ C:\WINDOWS\system32\drivers\star_small.gif
2007-08-10 11:32 49 --a------ C:\WINDOWS\system32\drivers\spacer.gif
2007-08-10 11:32 425 --a------ C:\WINDOWS\system32\drivers\star_gray.gif
2007-08-10 11:32 3877 --a------ C:\WINDOWS\system32\drivers\warning_icon.gif
2007-08-10 11:32 291 --a------ C:\WINDOWS\system32\drivers\v.gif
2007-08-10 11:32 283 --a------ C:\WINDOWS\system32\drivers\x.gif
2007-08-10 11:32 223 --a------ C:\WINDOWS\system32\drivers\star_gray_small.gif
2007-08-10 11:32 2090 --a------ C:\WINDOWS\system32\drivers\shadow.jpg
2007-08-10 11:32 1791 --a------ C:\WINDOWS\system32\drivers\win_logo.gif
2007-08-10 11:32 13618 --a------ C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-08-10 11:31 979 --a------ C:\WINDOWS\system32\drivers\product_2_name_small.gif
2007-08-10 11:31 918 --a------ C:\WINDOWS\system32\drivers\s_detect.htm
2007-08-10 11:31 837 --a------ C:\WINDOWS\system32\drivers\blank.gif
2007-08-10 11:31 835 --a------ C:\WINDOWS\system32\drivers\style.css
2007-08-10 11:31 6575 --a------ C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-08-10 11:31 65 --a------ C:\WINDOWS\system32\drivers\sep_hor.gif
2007-08-10 11:31 64 --a------ C:\WINDOWS\system32\drivers\close_icon.gif
2007-08-10 11:31 6373 --a------ C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-08-10 11:31 53 --a------ C:\WINDOWS\system32\drivers\sep_vert.gif
2007-08-10 11:31 48933 --a------ C:\WINDOWS\system32\drivers\pt.htm
2007-08-10 11:31 4723 --a------ C:\WINDOWS\system32\drivers\detect.htm
2007-08-10 11:31 360 --a------ C:\WINDOWS\system32\drivers\header_bg.gif
2007-08-10 11:31 3080 --a------ C:\WINDOWS\system32\drivers\product_3_header.gif
2007-08-10 11:31 2922 --a------ C:\WINDOWS\system32\drivers\footer_back.jpg
2007-08-10 11:31 28459 --a------ C:\WINDOWS\system32\drivers\header_1.gif
2007-08-10 11:31 2604 --a------ C:\WINDOWS\system32\drivers\product_1_header.gif
2007-08-10 11:31 2238 --a------ C:\WINDOWS\system32\drivers\download_box.gif
2007-08-10 11:31 2214 --a------ C:\WINDOWS\system32\drivers\product_2_header.gif
2007-08-10 11:31 2186 --a------ C:\WINDOWS\system32\drivers\alert_icon.gif
2007-08-10 11:31 215 --a------ C:\WINDOWS\system32\drivers\main_back.gif
2007-08-10 11:31 1714 --a------ C:\WINDOWS\system32\drivers\product_3_name_small.gif
2007-08-10 11:31 1647 --a------ C:\WINDOWS\system32\drivers\button_freescan.gif
2007-08-10 11:31 1619 --a------ C:\WINDOWS\system32\drivers\button_buynow.gif
2007-08-10 11:31 15421 --a------ C:\WINDOWS\system32\drivers\header_2.gif
2007-08-10 11:31 1330 --a------ C:\WINDOWS\system32\drivers\product_features.gif
2007-08-10 11:31 1253 --a------ C:\WINDOWS\system32\drivers\product_1_name_small.gif
2007-08-10 11:31 12326 --a------ C:\WINDOWS\system32\drivers\box_3.gif
2007-08-10 11:31 12313 --a------ C:\WINDOWS\system32\drivers\box_1.gif
2007-08-10 11:31 1204 --a------ C:\WINDOWS\system32\drivers\infected.gif
2007-08-10 11:31 11927 --a------ C:\WINDOWS\system32\drivers\box_2.gif
2007-08-10 11:31 11077 --a------ C:\WINDOWS\system32\drivers\header_4.gif
2007-08-10 11:31 10260 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-08-10 11:31 10193 --a------ C:\WINDOWS\system32\drivers\header_3.gif
2007-08-10 11:31 1014 --a------ C:\WINDOWS\system32\drivers\icon_warning.gif
2007-08-10 11:30 --------- d-------- C:\Program Files\Windows NT
2007-08-09 14:28 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-09 12:03 --------- d-------- C:\Program Files\xnews
2007-08-09 11:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-13 14:49 --------- d-------- C:\Program Files\mIRC
2007-06-22 12:03 --------- d-------- C:\Program Files\WhereIsMySpace
2007-05-28 11:17 4 --a------ C:\WINDOWS\uccspecb.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 15:41 C:\WINDOWS\system32\ptipbm.dll]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42]
"RevoTaskbarApp"="C:\WINDOWS\system32\RevoTask.exe" [2005-04-20 14:44]
"mp3infp"="C:\Program Files\mp3infp\mp3infp_regist.exe" [2005-04-25 11:14]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
"hotyge"="C:\Program Files\Windows NT\hotyge3.exe" [2007-08-07 16:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-19 13:21:20]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-19 13:21:20]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\prohdy.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji]
C:\WINDOWS\system32\pmkji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afbtsukA]
C:\WINDOWS\afbtsukA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker]
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eomu]
"C:\PROGRA~1\COMMON~1\PPATCH~1\mshta.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotyge]
C:\Program Files\Windows NT\hotyge22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
\Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\vxmfbmgw.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vcle]
C:\WINDOWS\?dobe\l?***.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.1\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E1-18-8E-E2-ZN}]
C:\DOCUME~1\Andrew\LOCALS~1\Temp\thinksnet.exe CHD003

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\TISKY009.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

R0 IFPUSB;iriver Internet Audio Player IFP-100;C:\WINDOWS\system32\DRIVERS\ifpusb.sys
R0 UlSata;UlSata;C:\WINDOWS\system32\drivers\UlSata.sys
R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys
R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys
R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver;C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
R3 REVO;Service for Revo Driver (WDM);C:\WINDOWS\system32\drivers\revo.sys
R3 REVOSENS;REVOSENS;C:\WINDOWS\system32\drivers\revosens.sys
S3 UPATC;USBAT Controller Driver;C:\WINDOWS\system32\DRIVERS\upatc.sys
S4 ATMsrvc;ATM Service;C:\WINDOWS\System32\ATMsrvc.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 12:18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76CE77C0-85EF-38F6-FBB5-D5607D186745}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E21E4E-DA78-2E23-6FEE-08D89E1943D5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C53C2D4A-0301-FEF4-1A8E-9C8DF0BDDE9F}]
"pabckgdkjhcpmabfedpgphcocdekfofc"=hex:69,61,6c,69,64,68,63,62,6e,6e,6b,66,61,65,64,6b,68,6c,00,00
"oahbenfdhmfghoncnpelcgcpmakjjh"=hex:69,61,6c,69,64,68,63,62,6e,6e,6b,66,61,65,64,6b,68,6c,00,00

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 12:20:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 12:20

--- E O F ---

hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:17 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\RevoTask.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Windows NT\hotyge3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RevoTaskbarApp] C:\WINDOWS\system32\RevoTask.exe
O4 - HKLM\..\Run: [mp3infp] "C:\Program Files\mp3infp\mp3infp_regist.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [hotyge] C:\Program Files\Windows NT\hotyge3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prohdy.html

--
End of file - 5787 bytes

08-10-2007, 10:30 AM	#3 (permalink)
blotsome Registered User Join Date: Aug 2007 Posts: 22 OS: WinXP	Re: Popups, errorsafe.com, WinAntiSpyware2006, drivecleaner2006, etc - log file inclu Ok, first of all, thank you very much for your reply. I'll tell you that what I did last night was look at the about.com help page on reviewing hijackthis logs, and I ended up clicking for hijack this to fix all the 01-hosts listed, and maybe a few other items. However, when I started the computer today, I had spyware worse than ever before. In fact, I got a blue screen of death due to all the programs loading (sorry, didn't record the message). Also, I was locked out of the task manager (ctl - alt - del). On my next reboot (and after unplugging the internet) I was able to restore task manager control with "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" and I forced quit all sorts of junk. I had programs installing on their own (something with the initials BS). Anyway, all that said and done, I was able to get online and read this reply. First time I tried combofix, I got a blue screen saying "KERNAL_STACK_INPAGE_ERROR". I reset the computer and tried again, this time I had errors popping up in the tray saying that "cmd.exe" was corrupt and "explorer.exe" was corrupt in system volume info/_restore.../change.log. Anyway, after a bit, combofix.exe restarted and checkdisk ran, and I was able to get a log report. It is included below, as is the most recent hijack this. Thanks again for your help thusfar. Combofix log: ComboFix 07-08-10.8 - "Andrew" 2007-08-10 12:01:01.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.745 [GMT -4:00] Command switches used :: /killall ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\Documents and Settings\All Users.\documents\settings\partnership.dll C:\Temp\fse C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\ijkmp.bak1 C:\WINDOWS\system32\ijkmp.ini C:\WINDOWS\system32\jkklm.dll C:\WINDOWS\system32\ldcore.dll C:\WINDOWS\system32\opnmjkj.dll C:\WINDOWS\system32\pmkji.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_CORE -------\LEGACY_DOMAINSERVICE -------\LEGACY_FOPN -------\LEGACY_NET_AGENT -------\core -------\DomainService -------\Net Agent ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 ))))))))))))))))))))))))))))))) 2007-08-10 11:49 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-10 11:41 75,328 --a------ C:\WINDOWS\system32\ohrchbhm.exe 2007-08-10 11:32 30,770 --a------ C:\WINDOWS\system32\is67718.exe 2007-08-10 11:32 169,147 --a------ C:\WINDOWS\TTC-5555.exe 2007-08-10 11:32 135,168 --a------ C:\WINDOWS\tk68.exe 2007-08-10 11:31 86,056 --a------ C:\WINDOWS\system32\install.exe 2007-08-10 11:31 8,782 --a------ C:\WINDOWS\system32\waverevenue.exe 2007-08-10 11:31 67,584 --a------ C:\WINDOWS\system32\l3acdb.dll 2007-08-10 11:31 115,606 --a------ C:\WINDOWS\system32\skna455101.exe 2007-08-09 12:15 <DIR> d-------- C:\Deckard 2007-08-09 12:11 21,312 --a------ C:\WINDOWS\choice.exe 2007-08-09 12:10 <DIR> d-------- C:\ie-spyad 2007-08-09 11:40 75,328 --a------ C:\WINDOWS\system32\apuuhtya.exe 2007-08-09 11:06 <DIR> d-------- C:\hijackthis 2007-08-03 12:57 <DIR> d-------- C:\Program Files\CDCheck 2007-07-20 14:27 <DIR> d-------- C:\Program Files\CKM (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-10 11:55 --------- d-------- C:\Program Files\MSN Gaming Zone 2007-08-10 11:32 639 --a------ C:\WINDOWS\system32\drivers\star.gif 2007-08-10 11:32 550 --a------ C:\WINDOWS\system32\drivers\star_small.gif 2007-08-10 11:32 49 --a------ C:\WINDOWS\system32\drivers\spacer.gif 2007-08-10 11:32 425 --a------ C:\WINDOWS\system32\drivers\star_gray.gif 2007-08-10 11:32 3877 --a------ C:\WINDOWS\system32\drivers\warning_icon.gif 2007-08-10 11:32 291 --a------ C:\WINDOWS\system32\drivers\v.gif 2007-08-10 11:32 283 --a------ C:\WINDOWS\system32\drivers\x.gif 2007-08-10 11:32 223 --a------ C:\WINDOWS\system32\drivers\star_gray_small.gif 2007-08-10 11:32 2090 --a------ C:\WINDOWS\system32\drivers\shadow.jpg 2007-08-10 11:32 1791 --a------ C:\WINDOWS\system32\drivers\win_logo.gif 2007-08-10 11:32 13618 --a------ C:\WINDOWS\system32\drivers\spy_away_box.jpg 2007-08-10 11:31 979 --a------ C:\WINDOWS\system32\drivers\product_2_name_small.gif 2007-08-10 11:31 918 --a------ C:\WINDOWS\system32\drivers\s_detect.htm 2007-08-10 11:31 837 --a------ C:\WINDOWS\system32\drivers\blank.gif 2007-08-10 11:31 835 --a------ C:\WINDOWS\system32\drivers\style.css 2007-08-10 11:31 6575 --a------ C:\WINDOWS\system32\drivers\remove_spyware_button.gif 2007-08-10 11:31 65 --a------ C:\WINDOWS\system32\drivers\sep_hor.gif 2007-08-10 11:31 64 --a------ C:\WINDOWS\system32\drivers\close_icon.gif 2007-08-10 11:31 6373 --a------ C:\WINDOWS\system32\drivers\secuity_center_logo.gif 2007-08-10 11:31 53 --a------ C:\WINDOWS\system32\drivers\sep_vert.gif 2007-08-10 11:31 48933 --a------ C:\WINDOWS\system32\drivers\pt.htm 2007-08-10 11:31 4723 --a------ C:\WINDOWS\system32\drivers\detect.htm 2007-08-10 11:31 360 --a------ C:\WINDOWS\system32\drivers\header_bg.gif 2007-08-10 11:31 3080 --a------ C:\WINDOWS\system32\drivers\product_3_header.gif 2007-08-10 11:31 2922 --a------ C:\WINDOWS\system32\drivers\footer_back.jpg 2007-08-10 11:31 28459 --a------ C:\WINDOWS\system32\drivers\header_1.gif 2007-08-10 11:31 2604 --a------ C:\WINDOWS\system32\drivers\product_1_header.gif 2007-08-10 11:31 2238 --a------ C:\WINDOWS\system32\drivers\download_box.gif 2007-08-10 11:31 2214 --a------ C:\WINDOWS\system32\drivers\product_2_header.gif 2007-08-10 11:31 2186 --a------ C:\WINDOWS\system32\drivers\alert_icon.gif 2007-08-10 11:31 215 --a------ C:\WINDOWS\system32\drivers\main_back.gif 2007-08-10 11:31 1714 --a------ C:\WINDOWS\system32\drivers\product_3_name_small.gif 2007-08-10 11:31 1647 --a------ C:\WINDOWS\system32\drivers\button_freescan.gif 2007-08-10 11:31 1619 --a------ C:\WINDOWS\system32\drivers\button_buynow.gif 2007-08-10 11:31 15421 --a------ C:\WINDOWS\system32\drivers\header_2.gif 2007-08-10 11:31 1330 --a------ C:\WINDOWS\system32\drivers\product_features.gif 2007-08-10 11:31 1253 --a------ C:\WINDOWS\system32\drivers\product_1_name_small.gif 2007-08-10 11:31 12326 --a------ C:\WINDOWS\system32\drivers\box_3.gif 2007-08-10 11:31 12313 --a------ C:\WINDOWS\system32\drivers\box_1.gif 2007-08-10 11:31 1204 --a------ C:\WINDOWS\system32\drivers\infected.gif 2007-08-10 11:31 11927 --a------ C:\WINDOWS\system32\drivers\box_2.gif 2007-08-10 11:31 11077 --a------ C:\WINDOWS\system32\drivers\header_4.gif 2007-08-10 11:31 10260 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg 2007-08-10 11:31 10193 --a------ C:\WINDOWS\system32\drivers\header_3.gif 2007-08-10 11:31 1014 --a------ C:\WINDOWS\system32\drivers\icon_warning.gif 2007-08-10 11:30 --------- d-------- C:\Program Files\Windows NT 2007-08-09 14:28 --------- d-------- C:\Program Files\SpywareBlaster 2007-08-09 12:03 --------- d-------- C:\Program Files\xnews 2007-08-09 11:03 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-13 14:49 --------- d-------- C:\Program Files\mIRC 2007-06-22 12:03 --------- d-------- C:\Program Files\WhereIsMySpace 2007-05-28 11:17 4 --a------ C:\WINDOWS\uccspecb.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PtiuPbmd"="ptipbm.dll" [2003-01-15 15:41 C:\WINDOWS\system32\ptipbm.dll] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42] "RevoTaskbarApp"="C:\WINDOWS\system32\RevoTask.exe" [2005-04-20 14:44] "mp3infp"="C:\Program Files\mp3infp\mp3infp_regist.exe" [2005-04-25 11:14] "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52] "hotyge"="C:\Program Files\Windows NT\hotyge3.exe" [2007-08-07 16:30] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-19 13:21:20] Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-19 13:21:20] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= C:\Program Files\MSN Gaming Zone\prohdy.html FriendlyName= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji] C:\WINDOWS\system32\pmkji.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^TA_Start.lnk] path=C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\TA_Start.lnk backup=C:\WINDOWS\pss\TA_Start.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\afbtsukA] C:\WINDOWS\afbtsukA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eomu] "C:\PROGRA~1\COMMON~1\PPATCH~1\mshta.exe" -vt yazb [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotyge] C:\Program Files\Windows NT\hotyge22011.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater] \Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\vxmfbmgw.dll",forkonce [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vcle] C:\WINDOWS\?dobe\l?*.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying] C:\Program Files\Web Buying\v1.8.1\webbuying.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop] C:\Program Files\WinPop\winpop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E1-18-8E-E2-ZN}] C:\DOCUME~1\Andrew\LOCALS~1\Temp\thinksnet.exe CHD003 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}] C:\WINDOWS\TISKY009.exe SKY009 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Ati HotKey Poller"=2 (0x2) R0 IFPUSB;iriver Internet Audio Player IFP-100;C:\WINDOWS\system32\DRIVERS\ifpusb.sys R0 UlSata;UlSata;C:\WINDOWS\system32\drivers\UlSata.sys R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys R3 LKbdFlt2;Logitech Keyboard Class Filter Driver;C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys R3 REVO;Service for Revo Driver (WDM);C:\WINDOWS\system32\drivers\revo.sys R3 REVOSENS;REVOSENS;C:\WINDOWS\system32\drivers\revosens.sys S3 UPATC;USBAT Controller Driver;C:\WINDOWS\system32\DRIVERS\upatc.sys S4 ATMsrvc;ATM Service;C:\WINDOWS\System32\ATMsrvc.exe ********************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-10 12:18:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76CE77C0-85EF-38F6-FBB5-D5607D186745}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E21E4E-DA78-2E23-6FEE-08D89E1943D5}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C53C2D4A-0301-FEF4-1A8E-9C8DF0BDDE9F}] "pabckgdkjhcpmabfedpgphcocdekfofc"=hex:69,61,6c,69,64,68,63,62,6e,6e,6b,66,61,65,64,6b,68,6c,00,00 "oahbenfdhmfghoncnpelcgcpmakjjh"=hex:69,61,6c,69,64,68,63,62,6e,6e,6b,66,61,65,64,6b,68,6c,00,00 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-10 12:20:57 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-10 12:20 --- E O F --- hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:22:17 PM, on 8/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\system32\RevoTask.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Windows NT\hotyge3.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\hijackthis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [RevoTaskbarApp] C:\WINDOWS\system32\RevoTask.exe O4 - HKLM\..\Run: [mp3infp] "C:\Program Files\mp3infp\mp3infp_regist.exe" O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [hotyge] C:\Program Files\Windows NT\hotyge3.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\prohdy.html -- End of file - 5787 bytes