Tech Support Forum - View Single Post - HJT log....a few things still hanging on :(

bigjohn · 07-13-2005, 07:45 PM

Still a bit slow on startup....But again thanks for the help, big time.

Verify that you've done this properly by clicking the dropdown-arrow next to the "Full Path of File to Delete" field. The filenames you pasted will be found in there. Do not be alarmed if several of these entries do not appear. Let me know which one appeared.

These didn't appear in Killbox:
c:\windows\ipyk32.dll
c:\windows\mssh32.dll

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:40:54 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\ntol32.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DLink\Bluetooth Software\BTTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\txvun.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\txvun.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\txvun.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\txvun.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\txvun.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\txvun.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\txvun.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {095933F6-AE92-4230-E373-22A96F9C0C5F} - C:\WINDOWS\msnu32.dll
O2 - BHO: Class - {0B1EC0AC-4B60-2E3C-6008-EA958BCC19DD} - C:\WINDOWS\ieto32.dll
O2 - BHO: Class - {116B5897-9869-1B77-3DC7-646F9CB58D2B} - C:\WINDOWS\system32\msrn32.dll
O2 - BHO: Class - {14763206-F6A7-4D6F-D4D5-2E72E367ABB1} - C:\WINDOWS\system32\apiqa32.dll
O2 - BHO: Class - {33EC6E43-4826-94FA-3A03-B94290B62B85} - C:\WINDOWS\ieij.dll
O2 - BHO: Class - {378AE8EE-0426-C141-F3C8-F6BD25766BFA} - C:\WINDOWS\iegh.dll
O2 - BHO: Class - {4EC161EA-4FC8-150B-C21E-5378B07ABE5D} - C:\WINDOWS\system32\javafq.dll
O2 - BHO: Class - {4F9E4629-7EAF-1FF6-F770-E08CAFC44CC5} - C:\WINDOWS\atlou.dll
O2 - BHO: Class - {544B7F26-ABCC-6632-0DB7-C12341FA8D26} - C:\WINDOWS\mfcco32.dll
O2 - BHO: Class - {5650AA43-7586-D4A3-49D9-D9FB154279D6} - C:\WINDOWS\system32\apilk.dll
O2 - BHO: Class - {56791174-6E86-7AEF-B404-ED9E42ABFF73} - C:\WINDOWS\winvc.dll
O2 - BHO: Class - {64E5E8FA-69A1-48F4-8963-F00907CAAF17} - C:\WINDOWS\system32\ntvx.dll
O2 - BHO: Class - {686EDB70-FD7A-B9A7-77C0-4C7E44057CFF} - C:\WINDOWS\nthq32.dll
O2 - BHO: Class - {72B3B578-A76A-7C0A-70B4-F15E624D8319} - C:\WINDOWS\system32\ntjs32.dll
O2 - BHO: Class - {73C994D2-169A-3A21-18CA-289B70E63DA3} - C:\WINDOWS\sdklb32.dll
O2 - BHO: Class - {77CD9B7C-6604-FD84-83FE-47AE9E1477C2} - C:\WINDOWS\system32\mspd32.dll
O2 - BHO: Class - {793213B8-A74C-2C0F-94D1-DD4AC65FBE45} - C:\WINDOWS\system32\mfceq32.dll
O2 - BHO: Class - {7AEF1698-E8CD-4535-C196-EAEADE211A17} - C:\WINDOWS\system32\appaa.dll
O2 - BHO: Class - {7E895675-8786-0AE8-F4FB-E7CDC57A70B8} - C:\WINDOWS\appwp32.dll
O2 - BHO: Class - {80C01395-9FF4-13F4-EE8C-750CC0B764CF} - C:\WINDOWS\javazw.dll
O2 - BHO: Class - {90706F45-D241-085D-C3F4-2CA0366EF00C} - C:\WINDOWS\system32\iprm.dll
O2 - BHO: Class - {964D3DD2-09FB-6B41-D4A8-3F2010E2B8A5} - C:\WINDOWS\iptw.dll
O2 - BHO: Class - {979130FE-70C0-35E6-DFA3-4D4D55876849} - C:\WINDOWS\atlqw.dll
O2 - BHO: Class - {97C211C9-3E29-A7D3-5DB7-A9B8789A8C69} - C:\WINDOWS\system32\sdknl32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AC8C8EF2-B1DB-E428-AE33-869E38C4F846} - C:\WINDOWS\d3bj.dll
O2 - BHO: Class - {AD057E36-3E90-9C24-A714-A8ADE460FBF9} - C:\WINDOWS\ntxh.dll
O2 - BHO: Class - {B3205B60-1D3F-AADD-01D0-77FF30CC211B} - C:\WINDOWS\system32\atlml.dll
O2 - BHO: Class - {B4CF1A3D-BFA2-5C15-720D-3E33706227F0} - C:\WINDOWS\winyn32.dll
O2 - BHO: Class - {C70A9850-BFBE-FA80-AEBC-F027897A9AC5} - C:\WINDOWS\sdkpm32.dll
O2 - BHO: Class - {C7F1A546-4FA4-2F1E-B74E-2A722FED05AC} - C:\WINDOWS\system32\appyq32.dll
O2 - BHO: Class - {C8B127F3-B154-FA38-4A64-BAAF01543DCD} - C:\WINDOWS\system32\sysks.dll
O2 - BHO: Class - {D34815E7-66F7-C465-A083-5BABECE896F5} - C:\WINDOWS\system32\mfcsf32.dll
O2 - BHO: Class - {D59AC151-F00C-3509-5093-1C3589B36680} - C:\WINDOWS\appkj.dll
O2 - BHO: Class - {E0E5A173-0CF3-BCA9-8543-4B6252CD9DA6} - C:\WINDOWS\winao32.dll
O2 - BHO: Class - {E22C1991-1181-9BEB-C171-E0B7E631A3AF} - C:\WINDOWS\sysmu.dll
O2 - BHO: Class - {E931541A-F610-204D-5340-6A7598B41F6B} - C:\WINDOWS\system32\ieey.dll
O2 - BHO: Class - {EAF521EB-5513-475B-B2B3-4D4B1195A1B0} - C:\WINDOWS\mfcgz32.dll
O2 - BHO: Class - {FC99EFF4-58A4-239B-1E0E-184CC2DCD960} - C:\WINDOWS\system32\msls32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ipur.exe] C:\WINDOWS\ipur.exe
O4 - HKLM\..\Run: [ntol32.exe] C:\WINDOWS\ntol32.exe
O4 - HKLM\..\RunOnce: [ieqz32.exe] C:\WINDOWS\system32\ieqz32.exe
O4 - HKLM\..\RunOnce: [appxl32.exe] C:\WINDOWS\system32\appxl32.exe
O4 - HKLM\..\RunOnce: [atlqj.exe] C:\WINDOWS\atlqj.exe
O4 - HKLM\..\RunOnce: [sdkaf.exe] C:\WINDOWS\sdkaf.exe
O4 - HKLM\..\RunOnce: [appyo.exe] C:\WINDOWS\system32\appyo.exe
O4 - HKLM\..\RunOnce: [crmq.exe] C:\WINDOWS\system32\crmq.exe
O4 - HKLM\..\RunOnce: [d3gi.exe] C:\WINDOWS\d3gi.exe
O4 - HKLM\..\RunOnce: [iegn32.exe] C:\WINDOWS\system32\iegn32.exe
O4 - HKLM\..\RunOnce: [atlqm.exe] C:\WINDOWS\atlqm.exe
O4 - HKLM\..\RunOnce: [addoh.exe] C:\WINDOWS\addoh.exe
O4 - HKLM\..\RunOnce: [d3hx32.exe] C:\WINDOWS\system32\d3hx32.exe
O4 - HKLM\..\RunOnce: [addar.exe] C:\WINDOWS\system32\addar.exe
O4 - HKLM\..\RunOnce: [apinr32.exe] C:\WINDOWS\apinr32.exe
O4 - HKLM\..\RunOnce: [atlri.exe] C:\WINDOWS\system32\atlri.exe
O4 - HKLM\..\RunOnce: [crap32.exe] C:\WINDOWS\crap32.exe
O4 - HKLM\..\RunOnce: [ntsn.exe] C:\WINDOWS\ntsn.exe
O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe
O4 - HKLM\..\RunOnce: [d3ms32.exe] C:\WINDOWS\system32\d3ms32.exe
O4 - HKLM\..\RunOnce: [d3ee.exe] C:\WINDOWS\system32\d3ee.exe
O4 - HKLM\..\RunOnce: [ippv32.exe] C:\WINDOWS\ippv32.exe
O4 - HKLM\..\RunOnce: [msww.exe] C:\WINDOWS\msww.exe
O4 - HKLM\..\RunOnce: [d3mc.exe] C:\WINDOWS\d3mc.exe
O4 - HKLM\..\RunOnce: [iexy32.exe] C:\WINDOWS\iexy32.exe
O4 - HKLM\..\RunOnce: [ieuy.exe] C:\WINDOWS\system32\ieuy.exe
O4 - HKLM\..\RunOnce: [d3st32.exe] C:\WINDOWS\system32\d3st32.exe
O4 - HKLM\..\RunOnce: [appvi32.exe] C:\WINDOWS\system32\appvi32.exe
O4 - HKLM\..\RunOnce: [sdkqa32.exe] C:\WINDOWS\sdkqa32.exe
O4 - HKLM\..\RunOnce: [crhk.exe] C:\WINDOWS\system32\crhk.exe
O4 - HKLM\..\RunOnce: [ipab.exe] C:\WINDOWS\ipab.exe
O4 - HKLM\..\RunOnce: [iejh32.exe] C:\WINDOWS\iejh32.exe
O4 - HKLM\..\RunOnce: [mfcyw.exe] C:\WINDOWS\system32\mfcyw.exe
O4 - HKLM\..\RunOnce: [netyk32.exe] C:\WINDOWS\netyk32.exe
O4 - HKLM\..\RunOnce: [mfcbl.exe] C:\WINDOWS\mfcbl.exe
O4 - HKLM\..\RunOnce: [winay.exe] C:\WINDOWS\system32\winay.exe
O4 - HKLM\..\RunOnce: [netql.exe] C:\WINDOWS\netql.exe
O4 - HKLM\..\RunOnce: [msyw32.exe] C:\WINDOWS\msyw32.exe
O4 - HKLM\..\RunOnce: [ntlw32.exe] C:\WINDOWS\ntlw32.exe
O4 - HKLM\..\RunOnce: [cryy.exe] C:\WINDOWS\system32\cryy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addok32.exe" /s (file missing)
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

07-13-2005, 07:45 PM	#7 (permalink)
bigjohn Registered User Join Date: Sep 2004 Posts: 11 OS: XP Professional	getting there... Still a bit slow on startup....But again thanks for the help, big time. Verify that you've done this properly by clicking the dropdown-arrow next to the "Full Path of File to Delete" field. The filenames you pasted will be found in there. Do not be alarmed if several of these entries do not appear. Let me know which one appeared. These didn't appear in Killbox: c:\windows\ipyk32.dll c:\windows\mssh32.dll Here's the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 9:40:54 PM, on 7/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\ntol32.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\System32\sistray.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\dpmw32.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\NWTRAY.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DLink\Bluetooth Software\BTTray.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\txvun.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\txvun.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\txvun.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\txvun.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\txvun.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\txvun.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\txvun.dll/sp.html#37049 R3 - Default URLSearchHook is missing O2 - BHO: Class - {095933F6-AE92-4230-E373-22A96F9C0C5F} - C:\WINDOWS\msnu32.dll O2 - BHO: Class - {0B1EC0AC-4B60-2E3C-6008-EA958BCC19DD} - C:\WINDOWS\ieto32.dll O2 - BHO: Class - {116B5897-9869-1B77-3DC7-646F9CB58D2B} - C:\WINDOWS\system32\msrn32.dll O2 - BHO: Class - {14763206-F6A7-4D6F-D4D5-2E72E367ABB1} - C:\WINDOWS\system32\apiqa32.dll O2 - BHO: Class - {33EC6E43-4826-94FA-3A03-B94290B62B85} - C:\WINDOWS\ieij.dll O2 - BHO: Class - {378AE8EE-0426-C141-F3C8-F6BD25766BFA} - C:\WINDOWS\iegh.dll O2 - BHO: Class - {4EC161EA-4FC8-150B-C21E-5378B07ABE5D} - C:\WINDOWS\system32\javafq.dll O2 - BHO: Class - {4F9E4629-7EAF-1FF6-F770-E08CAFC44CC5} - C:\WINDOWS\atlou.dll O2 - BHO: Class - {544B7F26-ABCC-6632-0DB7-C12341FA8D26} - C:\WINDOWS\mfcco32.dll O2 - BHO: Class - {5650AA43-7586-D4A3-49D9-D9FB154279D6} - C:\WINDOWS\system32\apilk.dll O2 - BHO: Class - {56791174-6E86-7AEF-B404-ED9E42ABFF73} - C:\WINDOWS\winvc.dll O2 - BHO: Class - {64E5E8FA-69A1-48F4-8963-F00907CAAF17} - C:\WINDOWS\system32\ntvx.dll O2 - BHO: Class - {686EDB70-FD7A-B9A7-77C0-4C7E44057CFF} - C:\WINDOWS\nthq32.dll O2 - BHO: Class - {72B3B578-A76A-7C0A-70B4-F15E624D8319} - C:\WINDOWS\system32\ntjs32.dll O2 - BHO: Class - {73C994D2-169A-3A21-18CA-289B70E63DA3} - C:\WINDOWS\sdklb32.dll O2 - BHO: Class - {77CD9B7C-6604-FD84-83FE-47AE9E1477C2} - C:\WINDOWS\system32\mspd32.dll O2 - BHO: Class - {793213B8-A74C-2C0F-94D1-DD4AC65FBE45} - C:\WINDOWS\system32\mfceq32.dll O2 - BHO: Class - {7AEF1698-E8CD-4535-C196-EAEADE211A17} - C:\WINDOWS\system32\appaa.dll O2 - BHO: Class - {7E895675-8786-0AE8-F4FB-E7CDC57A70B8} - C:\WINDOWS\appwp32.dll O2 - BHO: Class - {80C01395-9FF4-13F4-EE8C-750CC0B764CF} - C:\WINDOWS\javazw.dll O2 - BHO: Class - {90706F45-D241-085D-C3F4-2CA0366EF00C} - C:\WINDOWS\system32\iprm.dll O2 - BHO: Class - {964D3DD2-09FB-6B41-D4A8-3F2010E2B8A5} - C:\WINDOWS\iptw.dll O2 - BHO: Class - {979130FE-70C0-35E6-DFA3-4D4D55876849} - C:\WINDOWS\atlqw.dll O2 - BHO: Class - {97C211C9-3E29-A7D3-5DB7-A9B8789A8C69} - C:\WINDOWS\system32\sdknl32.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {AC8C8EF2-B1DB-E428-AE33-869E38C4F846} - C:\WINDOWS\d3bj.dll O2 - BHO: Class - {AD057E36-3E90-9C24-A714-A8ADE460FBF9} - C:\WINDOWS\ntxh.dll O2 - BHO: Class - {B3205B60-1D3F-AADD-01D0-77FF30CC211B} - C:\WINDOWS\system32\atlml.dll O2 - BHO: Class - {B4CF1A3D-BFA2-5C15-720D-3E33706227F0} - C:\WINDOWS\winyn32.dll O2 - BHO: Class - {C70A9850-BFBE-FA80-AEBC-F027897A9AC5} - C:\WINDOWS\sdkpm32.dll O2 - BHO: Class - {C7F1A546-4FA4-2F1E-B74E-2A722FED05AC} - C:\WINDOWS\system32\appyq32.dll O2 - BHO: Class - {C8B127F3-B154-FA38-4A64-BAAF01543DCD} - C:\WINDOWS\system32\sysks.dll O2 - BHO: Class - {D34815E7-66F7-C465-A083-5BABECE896F5} - C:\WINDOWS\system32\mfcsf32.dll O2 - BHO: Class - {D59AC151-F00C-3509-5093-1C3589B36680} - C:\WINDOWS\appkj.dll O2 - BHO: Class - {E0E5A173-0CF3-BCA9-8543-4B6252CD9DA6} - C:\WINDOWS\winao32.dll O2 - BHO: Class - {E22C1991-1181-9BEB-C171-E0B7E631A3AF} - C:\WINDOWS\sysmu.dll O2 - BHO: Class - {E931541A-F610-204D-5340-6A7598B41F6B} - C:\WINDOWS\system32\ieey.dll O2 - BHO: Class - {EAF521EB-5513-475B-B2B3-4D4B1195A1B0} - C:\WINDOWS\mfcgz32.dll O2 - BHO: Class - {FC99EFF4-58A4-239B-1E0E-184CC2DCD960} - C:\WINDOWS\system32\msls32.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [ipur.exe] C:\WINDOWS\ipur.exe O4 - HKLM\..\Run: [ntol32.exe] C:\WINDOWS\ntol32.exe O4 - HKLM\..\RunOnce: [ieqz32.exe] C:\WINDOWS\system32\ieqz32.exe O4 - HKLM\..\RunOnce: [appxl32.exe] C:\WINDOWS\system32\appxl32.exe O4 - HKLM\..\RunOnce: [atlqj.exe] C:\WINDOWS\atlqj.exe O4 - HKLM\..\RunOnce: [sdkaf.exe] C:\WINDOWS\sdkaf.exe O4 - HKLM\..\RunOnce: [appyo.exe] C:\WINDOWS\system32\appyo.exe O4 - HKLM\..\RunOnce: [crmq.exe] C:\WINDOWS\system32\crmq.exe O4 - HKLM\..\RunOnce: [d3gi.exe] C:\WINDOWS\d3gi.exe O4 - HKLM\..\RunOnce: [iegn32.exe] C:\WINDOWS\system32\iegn32.exe O4 - HKLM\..\RunOnce: [atlqm.exe] C:\WINDOWS\atlqm.exe O4 - HKLM\..\RunOnce: [addoh.exe] C:\WINDOWS\addoh.exe O4 - HKLM\..\RunOnce: [d3hx32.exe] C:\WINDOWS\system32\d3hx32.exe O4 - HKLM\..\RunOnce: [addar.exe] C:\WINDOWS\system32\addar.exe O4 - HKLM\..\RunOnce: [apinr32.exe] C:\WINDOWS\apinr32.exe O4 - HKLM\..\RunOnce: [atlri.exe] C:\WINDOWS\system32\atlri.exe O4 - HKLM\..\RunOnce: [crap32.exe] C:\WINDOWS\crap32.exe O4 - HKLM\..\RunOnce: [ntsn.exe] C:\WINDOWS\ntsn.exe O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe O4 - HKLM\..\RunOnce: [d3ms32.exe] C:\WINDOWS\system32\d3ms32.exe O4 - HKLM\..\RunOnce: [d3ee.exe] C:\WINDOWS\system32\d3ee.exe O4 - HKLM\..\RunOnce: [ippv32.exe] C:\WINDOWS\ippv32.exe O4 - HKLM\..\RunOnce: [msww.exe] C:\WINDOWS\msww.exe O4 - HKLM\..\RunOnce: [d3mc.exe] C:\WINDOWS\d3mc.exe O4 - HKLM\..\RunOnce: [iexy32.exe] C:\WINDOWS\iexy32.exe O4 - HKLM\..\RunOnce: [ieuy.exe] C:\WINDOWS\system32\ieuy.exe O4 - HKLM\..\RunOnce: [d3st32.exe] C:\WINDOWS\system32\d3st32.exe O4 - HKLM\..\RunOnce: [appvi32.exe] C:\WINDOWS\system32\appvi32.exe O4 - HKLM\..\RunOnce: [sdkqa32.exe] C:\WINDOWS\sdkqa32.exe O4 - HKLM\..\RunOnce: [crhk.exe] C:\WINDOWS\system32\crhk.exe O4 - HKLM\..\RunOnce: [ipab.exe] C:\WINDOWS\ipab.exe O4 - HKLM\..\RunOnce: [iejh32.exe] C:\WINDOWS\iejh32.exe O4 - HKLM\..\RunOnce: [mfcyw.exe] C:\WINDOWS\system32\mfcyw.exe O4 - HKLM\..\RunOnce: [netyk32.exe] C:\WINDOWS\netyk32.exe O4 - HKLM\..\RunOnce: [mfcbl.exe] C:\WINDOWS\mfcbl.exe O4 - HKLM\..\RunOnce: [winay.exe] C:\WINDOWS\system32\winay.exe O4 - HKLM\..\RunOnce: [netql.exe] C:\WINDOWS\netql.exe O4 - HKLM\..\RunOnce: [msyw32.exe] C:\WINDOWS\msyw32.exe O4 - HKLM\..\RunOnce: [ntlw32.exe] C:\WINDOWS\ntlw32.exe O4 - HKLM\..\RunOnce: [cryy.exe] C:\WINDOWS\system32\cryy.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addok32.exe" /s (file missing) O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe