Old 12-03-2007, 04:34 AM   #1 (permalink)
gee_mel12
Registered User
Join Date: Dec 2007
Posts: 6
OS: win XP (sp2)


Help: browser keeps being redirected to ecata.info

hi there.

i really need help from this forum's analysts regarding my mozilla browser. every time i use the google search engine and click on a link in the search results, instead of going to the supposed site, i get redirected to unrelated sites. E.g. when i search for 'bleach' in google and click on one of the results, i'll be redirected to "http://ecata.info/rns/b-search/c-bleach/", then to "http://c.goclick.com/r?X=uEvgpteRndmYoczjrdUVodyZnCzlvUFeptmXnTaXnSzrmtURmtEWnDARmtqYoDeQnDIUndITntyGrvBuptaGuUFepteGue9tptaGuVa9mtATmCzvqTUQlDeV"
then to "http://www.megaclick.com/notfound/?lg=en&type=dns&tbtype=megaup&q=http://c.goclick.com/r?X=uEvgpteRndmYoczjrdUVodyZnCzlvUFeptmXnTaXnSzrmtURmtEWnDARmtqYoDeQnDIUndITntyGrvBuptaGuUFepteGue9tptaGuVa9mtATmCzvqTUQlDeV"

i need to click on the link at least 3 times to get to the actual site.
i really need your help coz it really bothers me that sometimes the browser gets directed to a porn site. i've run spybot, but the problem still remained.
so, i ran dss.exe and hijackthis on my comp and here are the logs:

Deckard's System Scanner v20071014.68
Run by user on 2007-12-03 19:01:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2007-12-03 11:01:46 UTC - RP1206 - Deckard's System Scanner Restore Point
31: 2007-12-03 01:32:14 UTC - RP1205 - System Checkpoint
30: 2007-12-01 18:30:51 UTC - RP1204 - System Checkpoint
29: 2007-11-30 1834 UTC - RP1203 - System Checkpoint
28: 2007-11-29 17:43:15 UTC - RP1202 - System Checkpoint


-- First Restore Point --
1: 2007-10-30 06:42:09 UTC - RP1175 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 240 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:51 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f331.mail.yahoo.com/ym/log...=225fimb8n7goo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1194841416932
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194841355664
O17 - HKLM\System\CCS\Services\Tcpip\..\{266843F6-4A3B-42F2-8377-715E03046743}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{31B1D999-38E0-407F-BB44-C3A546818602}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4926B89F-53C8-406E-8945-00E3C76E2B43}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EE23DC7-DDE1-4C2E-8E6D-132D477006DF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8283336E-3FFA-463C-BBAA-7DB6A55C5473}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{83831019-7DC0-45BC-BC11-B11638458A3F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF87E49-92B7-42DE-9CE1-EA6937A3DD85}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F677D66-28F7-4F76-8CB4-9423A90FFF73}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B76C4941-3204-4DB8-8018-E9546428276A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.90 85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.coolbuddy.com/icon/mceleb/ico_incubas09.gif
O24 - Desktop Component 1: (no name) - http://www.coolbuddy.com/icon/mceleb/ico_incubas04.gif
O24 - Desktop Component 2: (no name) - http://www.coolbuddy.com/icon/mceleb/ico_incubas02.gif

--
End of file - 8554 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 65.ico,0
.cmd - cmdfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 56.ico,0
.chm - chm.file - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 75.ico,0
.hlp - hlpfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 75.ico,0
.inf - inffile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 56.ico,0
.ini - inifile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 56.ico,0
.js - unable to read key
.js - unable to read key
.reg - regfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 56.ico,0
.reg - regfile - shell\open\command - "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 58.ico,0
.vbs - VBSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Khado\Khado Icon 56.ico,0


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek MMKey>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 TSP - c:\windows\system32\drivers\klif.sys (file missing)
S3 USB-100 (Realtek RTL8150 USB 10/100 Fast Ethernet Adapter) - c:\windows\system32\drivers\rtl8150.sys <Not Verified; Realtek; Realtek 8150-series USB NIC>
S3 usbbus (LGE Mobile Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-28 22:32:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

2007-12-03 19:03:26 0 d-------- C:\Program Files\Trend Micro
2007-11-26 13:46:33 0 d-------- C:\Program Files\EA GAMES
2007-11-26 13:29:15 0 dr-h----- C:\Documents and Settings\user\Recent
2007-11-25 16:00:52 0 d-------- C:\Program Files\uTorrent
2007-11-24 23:41:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 23:08:34 0 d-------- C:\Program Files\CCleaner
2007-11-24 22:43:12 0 d-------- C:\Program Files\Alwil Software
2007-11-23 18:09:04 0 d-------- C:\Program Files\Fox
2007-11-23 13:44:12 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-11-23 13:44:12 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-11-23 13:44:12 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-11-12 20:48:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-12 13:13:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-11 22:59:27 0 d-------- C:\Program Files\Kaspersky Lab
2007-11-11 22:59:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-11 22:49:31 0 d-------- C:\kav
2007-11-09 00:59:12 0 d-------- C:\Documents and Settings\user\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2007-10-26 23:31:52 0 d-------- C:\Program Files\WIDCOMM
2007-10-17 18:49:42 0 d-------- C:\Program Files\opacity
2007-10-09 03:32:40 0 d-------- C:\Program Files\InterVideo
2007-10-09 03:21:30 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-09-17 10:30:14 5 --a------ C:\WINDOWS\system32\SySMP3CutJoin.dat
2007-09-10 00:33:36 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [06/23/2003 10:34 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [06/23/2003 10:34 AM]
"SoundMan"="SOUNDMAN.EXE" [06/20/2003 07:55 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/23/2003 10:35 AM C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/25/2002 04:49 AM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [11/27/2003 01:16 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/28/2007 02:01 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 05:22 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [08/19/2005 02:49 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/17/2005 5:39:30 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [5/12/2006 1:33:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdwjb.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll 12/06/2005 09:16 PM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=C:\WINDOWS\pss\Date Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=C:\WINDOWS\pss\PrecisionTime.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]
C:\Program Files\Common files\updater\wupdater.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b2a8240-836d-11da-aa18-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- G:\Flash.10.Setup.exe
Open\command- G:\Flash.10.Setup.exe
Scan for Viruses\command- G:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b2a8242-836d-11da-aa18-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- G:\Flash.10.Setup.exe
Open\command- G:\Flash.10.Setup.exe
Scan for Viruses\command- G:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a1e23e1-8c57-11d9-a7c8-000e350ab724}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PET32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5357ef30-02d3-11db-ab6e-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe msiexec.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e831b0-0281-11dc-adb7-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5acc6570-af98-11db-acde-000e350ab724}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6584ad20-a17d-11db-acbe-000e350ab724}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{761c5710-441a-11dc-ae55-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- G:\Flash.10.Setup.exe
Open\command- G:\Flash.10.Setup.exe
Scan for Viruses\command- G:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dbd3110-f3f1-11db-ad8b-000e350ab724}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dbd3116-f3f1-11db-ad8b-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98d8bf30-aaa3-11db-acd4-000e350ab724}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0d074e0-5a1d-11dc-ae9c-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- Flash.10.Setup.exe
Open\command- Flash.10.Setup.exe
Scan for Viruses\command- Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d903b0-345d-11dc-ae2b-000e350ab724}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f976bcc0-5a0d-11dc-ae9b-000e350ab724}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- Flash.10.Setup.exe
Open\command- Flash.10.Setup.exe
Scan for Viruses\command- Scanner.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7517 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-03 19:05:39 ------------

Really appreciate the help given~
Attached Files
File Type: txt extra.txt (17.1 KB, 1 views)