Tech Support Forum - View Single Post - Problems with puppyboyz and others..Please help Thanx

shawn30 · 11-30-2004, 11:08 PM

thanks for the reply, i have ran spybot and removed a few items, also i ran the vx2 cleaner in adware and said system was clean. so here is my hijackthis log again:
Logfile of HijackThis v1.98.2
Scan saved at 1

40 AM, on 12/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\syscfg32.exe
C:\WINDOWS\System32\winstr32.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\scvhosting.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DFUTFKZ.EXE
C:\WINDOWS\System32\soundblaster.exe
C:\WINDOWS\System32\rpcxWindows.exe
C:\WINDOWS\System32\uzpdate2.exe
C:\index.exe
C:\WINDOWS\System32\mswin32.exe
C:\dipset.exe
C:\WINDOWS\System32\dlll32.exe
C:\WINDOWS\System32\winnt.exe
C:\WINDOWS\System32\scvhost32.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\WINDOWS\System32\msrpc32.exe
C:\WINDOWS\System32\systemupdate.exe
C:\WINDOWS\System32\tbctray.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\msrpc32.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell\Solution Center\Service.exe
C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
C:\Program Files\Spyware Doctor2\spydoctor.exe
C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liveaudiowrestling.com/wo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/d.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liveaudiowrestling.com/wo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.liveaudiowrestling.com/wo/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://registration.iwon.com/reg/register.jsp"); (C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\jaml6v17.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\jaml6v17.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [QuickKaz] C:\PROGRA~1\COMMON~2\QUICKKAZ.EXE
O4 - HKLM\..\Run: [windows sockets start up 32] DFUTFKZ.EXE
O4 - HKLM\..\Run: [A907864B] C:\WINDOWS\System32\fhwlyqqtuugtuc.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [Microsoft Windows Secure Server] rpcxWindows.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bzmhzv.exe
O4 - HKLM\..\Run: [Win32 exe file] winstr32.exe
O4 - HKLM\..\Run: [zerzvpack2] uzpdate2.exe
O4 - HKLM\..\Run: [REEGRUN] C:\index.exe
O4 - HKLM\..\Run: [Microsoft Update Service] mswin32.exe
O4 - HKLM\..\Run: [Printer] C:\dipset.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Windows service] dlll32.exe
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Microsoft SCVHOST32 Protocol] scvhost32.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKLM\..\Run: [Windows Update Service 2004/2005] systemupdate.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvrs.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Secure Server] rpcxWindows.exe
O4 - HKLM\..\RunServices: [Win32 exe file] winstr32.exe
O4 - HKLM\..\RunServices: [zerzvpack2] uzpdate2.exe
O4 - HKLM\..\RunServices: [Microsoft Update Service] mswin32.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Windows service] dlll32.exe
O4 - HKLM\..\RunServices: [Networks Configurator] NetConfs.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Microsoft SCVHOST32 Protocol] scvhost32.exe
O4 - HKLM\..\RunServices: [Media service] system64.exe
O4 - HKLM\..\RunServices: [MS Remote Procedure Call] msrpc32.exe
O4 - HKLM\..\RunServices: [Windows Update Service 2004/2005] systemupdate.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunOnce: [Win32 exe file] winstr32.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [IM] C:\program files\instant messenger\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
O4 - HKCU\..\Run: [Microsoft Windows Secure Server] rpcxWindows.exe
O4 - HKCU\..\Run: [Win32 exe file] winstr32.exe
O4 - HKCU\..\Run: [Mpig] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Microsoft SCVHOST32 Protocol] scvhost32.exe
O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\RunOnce: [windows sockets start up 32] DFUTFKZ.EXE
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\RunOnce: [Win32 exe file] winstr32.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe
O4 - Global Startup: AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe
O4 - Global Startup: webdav.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O9 - Extra button: Searchalot - {7B985F41-2B47-44BC-8A9E-667962007DF2} - http://www.searchalot.com (file missing) (HKCU)
O9 - Extra button: Downloads - {C17EAA05-02BF-4F65-9D9C-7E796CDA7806} - http://www.downloadalot.com (file missing) (HKCU)
O9 - Extra button: Netnews - {EDD7E91B-F195-403E-BD6F-3C4E1734802C} - news:worldnet.help.new-users (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100062718335
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {C3EA8E65-D0DD-486D-80DA-BCCEB4B63B4E} - http://cc.excite.com/pm3/x8pm_4_1,0,2,5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{867ED228-7E4F-4C47-B2C5-0A1EEDC4DF2B}: NameServer = 207.69.188.187 207.69.188.186

11-30-2004, 11:08 PM	#3 (permalink)
shawn30 Registered User Join Date: Nov 2004 Posts: 9 OS: XP	response thanks for the reply, i have ran spybot and removed a few items, also i ran the vx2 cleaner in adware and said system was clean. so here is my hijackthis log again: Logfile of HijackThis v1.98.2 Scan saved at 140 AM, on 12/1/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\syscfg32.exe C:\WINDOWS\System32\winstr32.exe C:\WINDOWS\System32\msmsgs.exe C:\WINDOWS\System32\scvhosting.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\DFUTFKZ.EXE C:\WINDOWS\System32\soundblaster.exe C:\WINDOWS\System32\rpcxWindows.exe C:\WINDOWS\System32\uzpdate2.exe C:\index.exe C:\WINDOWS\System32\mswin32.exe C:\dipset.exe C:\WINDOWS\System32\dlll32.exe C:\WINDOWS\System32\winnt.exe C:\WINDOWS\System32\scvhost32.exe C:\Program Files\EarthLink 5.0\ConMgr.exe C:\WINDOWS\System32\msrpc32.exe C:\WINDOWS\System32\systemupdate.exe C:\WINDOWS\System32\tbctray.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\msrpc32.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Dell\Solution Center\Service.exe C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe C:\Program Files\Spyware Doctor2\spydoctor.exe C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe C:\PROGRA~1\INTERN~1\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ftp.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liveaudiowrestling.com/wo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/d.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liveaudiowrestling.com/wo R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.liveaudiowrestling.com/wo/ N2 - Netscape 6: user_pref("browser.startup.homepage", "http://registration.iwon.com/reg/register.jsp"); (C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\jaml6v17.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\jaml6v17.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL (file missing) O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager O4 - HKLM\..\Run: [QuickKaz] C:\PROGRA~1\COMMON~2\QUICKKAZ.EXE O4 - HKLM\..\Run: [windows sockets start up 32] DFUTFKZ.EXE O4 - HKLM\..\Run: [A907864B] C:\WINDOWS\System32\fhwlyqqtuugtuc.exe O4 - HKLM\..\Run: [Win32 USB2 Driver] syscfg32.exe O4 - HKLM\..\Run: [Micr Update] soundblaster.exe O4 - HKLM\..\Run: [Microsoft Windows Secure Server] rpcxWindows.exe O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bzmhzv.exe O4 - HKLM\..\Run: [Win32 exe file] winstr32.exe O4 - HKLM\..\Run: [zerzvpack2] uzpdate2.exe O4 - HKLM\..\Run: [REEGRUN] C:\index.exe O4 - HKLM\..\Run: [Microsoft Update Service] mswin32.exe O4 - HKLM\..\Run: [Printer] C:\dipset.exe O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe O4 - HKLM\..\Run: [starter] scvhosting.exe O4 - HKLM\..\Run: [Windows service] dlll32.exe O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe O4 - HKLM\..\Run: [Microsoft SCVHOST32 Protocol] scvhost32.exe O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe" O4 - HKLM\..\Run: [MS Remote Procedure Call] msrpc32.exe O4 - HKLM\..\Run: [Windows Update Service 2004/2005] systemupdate.exe O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvrs.exe O4 - HKLM\..\RunServices: [Win32 USB2 Driver] syscfg32.exe O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe O4 - HKLM\..\RunServices: [Microsoft Windows Secure Server] rpcxWindows.exe O4 - HKLM\..\RunServices: [Win32 exe file] winstr32.exe O4 - HKLM\..\RunServices: [zerzvpack2] uzpdate2.exe O4 - HKLM\..\RunServices: [Microsoft Update Service] mswin32.exe O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe O4 - HKLM\..\RunServices: [starter] scvhosting.exe O4 - HKLM\..\RunServices: [Windows service] dlll32.exe O4 - HKLM\..\RunServices: [Networks Configurator] NetConfs.exe O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe O4 - HKLM\..\RunServices: [Microsoft SCVHOST32 Protocol] scvhost32.exe O4 - HKLM\..\RunServices: [Media service] system64.exe O4 - HKLM\..\RunServices: [MS Remote Procedure Call] msrpc32.exe O4 - HKLM\..\RunServices: [Windows Update Service 2004/2005] systemupdate.exe O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe O4 - HKLM\..\RunOnce: [Win32 exe file] winstr32.exe O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe O4 - HKLM\..\RunOnce: [starter] scvhosting.exe O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [IM] C:\program files\instant messenger\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe O4 - HKCU\..\Run: [Micr Update] soundblaster.exe O4 - HKCU\..\Run: [Microsoft Windows Secure Server] rpcxWindows.exe O4 - HKCU\..\Run: [Win32 exe file] winstr32.exe O4 - HKCU\..\Run: [Mpig] C:\WINDOWS\System32\?ttrib.exe O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe O4 - HKCU\..\Run: [starter] scvhosting.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [Microsoft SCVHOST32 Protocol] scvhost32.exe O4 - HKCU\..\Run: [MS Remote Procedure Call] msrpc32.exe O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - HKCU\..\RunOnce: [windows sockets start up 32] DFUTFKZ.EXE O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe O4 - HKCU\..\RunOnce: [Win32 exe file] winstr32.exe O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe O4 - Global Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe O4 - Global Startup: AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite.exe O4 - Global Startup: webdav.exe O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU) O9 - Extra button: Searchalot - {7B985F41-2B47-44BC-8A9E-667962007DF2} - http://www.searchalot.com (file missing) (HKCU) O9 - Extra button: Downloads - {C17EAA05-02BF-4F65-9D9C-7E796CDA7806} - http://www.downloadalot.com (file missing) (HKCU) O9 - Extra button: Netnews - {EDD7E91B-F195-403E-BD6F-3C4E1734802C} - news:worldnet.help.new-users (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL= O15 - Trusted Zone: http://ad.searchsquire.com O15 - Trusted Zone: http://search.searchsquire.com O15 - Trusted Zone: http://update.searchsquire.com O15 - Trusted Zone: http://www.searchsquire.com O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100062718335 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB O16 - DPF: {C3EA8E65-D0DD-486D-80DA-BCCEB4B63B4E} - http://cc.excite.com/pm3/x8pm_4_1,0,2,5.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{867ED228-7E4F-4C47-B2C5-0A1EEDC4DF2B}: NameServer = 207.69.188.187 207.69.188.186