Old 08-20-2005, 11:23 AM   #6 (permalink)
fdeaubonne
Registered User
 
Join Date: Feb 2005
Posts: 24
OS: win xp home 2002 version Service pack 2


Wow, you are right, a lot of junk remained there. I can't tell you how the computer behaves yet since I have just completed the scans. I could not get you the Antispyware log from Trend Micro because it did not report any infections on the second pass (had 25 infections in the first one). In lieu I am giving you a fresh log with Spysweeper run with updated definitions. Hope it will help.


1. Activescan log from Panda


Incident Status Location

Adware:adware/popmonster No disinfected C:\DOCUMENTS AND SETTINGS\FEDERICO VEGA\FAVORITES\SHOPPING\Ebay.url
Adware:adware/funweb No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\banner.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\farmmext.inf
Adware:adware/effectivebrandtoolbar No disinfected C:\WINDOWS\games.exe
Adware:adware/gator No disinfected C:\WINDOWS\GatorHDPlugin.log
Adware:adware/ncase No disinfected C:\PROGRAM FILES\FlashTalk
Spyware:spyware/dyfuca No disinfected Windows Registry
Dialer:dialer.qi No disinfected HKEY_CLASSES_ROOT\TypeLib\{9A9C9133-E640-4CA7-81C1-123FAC78855F}
Adware:Adware/Adultlt No disinfected C:\WINDOWS\system32\zivixiq.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msiaih.dll
Virus:Trj/Imk.A Disinfected C:\WINDOWS\system32\msnimk.gif
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msfdje.gif
Adware:Adware/Ucmore No disinfected C:\WINDOWS\games.exe[IUCMORE.DLL]
Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\pinstall.dll
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Dialer:Dialer.Gen No disinfected C:\WINDOWS\tlk0262[1].exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Windows Update Setup Files\utilcat.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\blocklist.reg
Security Risk:Application/Processor No disinfected C:\Documents and Settings\Federico Vega\Desktop\Hijack this\VundoFix\process.exe
Possible Virus. No disinfected C:\Documents and Settings\Federico Vega\Desktop\Hijack this\VundoFix\backups\backup-20050819-191706-208.dll
Hacktool:Hacktool/MailPassView.B No disinfected C:\Documents and Settings\Federico Vega\Desktop\mailpv_setup.exe[mailpv.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[BB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-58be9a5f.zip[BeyondInterface.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv342.jar-19b4c7b5-575e55e9.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Federico Vega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-a7cd932-15fed4c0.zip[Installer.class]
Adware:Adware/FunWeb No disinfected C:\Program Files\MSN Messenger\riched20.dll
Possible Virus. No disinfected C:\Program Files\Betty's Beer Bar\bbb.exe
Hacktool:Hacktool/MailPassView.B No disinfected C:\Program Files\Mail PassView\mailpv.exe
Virus:Trj/Downloader.CCX Disinfected C:\1.exe

===============================================

2. Spy sweeper session log ran 10mns ago (Cleaned infections)

********
12:51 PM: |··· Start of Session, Saturday, August 20, 2005 ···|
12:51 PM: Spy Sweeper started
12:51 PM: Sweep initiated using definitions version 519
12:51 PM: Starting Memory Sweep
12:54 PM: Memory Sweep Complete, Elapsed Time: 00:03:34
12:54 PM: Starting Registry Sweep
12:54 PM: Found Adware: internetoptimizer
12:54 PM: HKU\S-1-5-21-2690133624-1161744426-439199626-1005\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
12:55 PM: Registry Sweep Complete, Elapsed Time:00:00:18
12:55 PM: Starting Cookie Sweep
12:55 PM: Found Spy Cookie: adlegend cookie
12:55 PM: federico vega@adlegend[1].txt (ID = 2074)
12:55 PM: Found Spy Cookie: adprofile cookie
12:55 PM: federico vega@adprofile[1].txt (ID = 2084)
12:55 PM: Found Spy Cookie: com.com cookie
12:55 PM: federico vega@ffxcam.fairfax.com[1].txt (ID = 2446)
12:55 PM: federico vega@ffxcam.smh.com[1].txt (ID = 2446)
12:55 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:55 PM: Starting File Sweep
12:55 PM: Found Adware: gain-supported software
12:55 PM: gatorhdplugin.log (ID = 119819)
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
12:55 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
12:56 PM: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_6ac.dat". The process cannot access the file because it is being used by another process
12:57 PM: Found Adware: effective-i toolbar
12:57 PM: games.exe (ID = 112529)
12:58 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{f19a8472-2db0-4c17-ae6a-ce7e907d02f6}.bin". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:58 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:04 PM: Warning: Failed to access drive F:
1:04 PM: Warning: Failed to access drive F:
1:04 PM: Warning: Failed to access drive H:
1:04 PM: Warning: Failed to access drive H:
1:04 PM: File Sweep Complete, Elapsed Time: 00:09:13
1:04 PM: Full Sweep has completed. Elapsed time 00:13:08
1:04 PM: Traces Found: 7
1:09 PM: Removal process initiated
1:09 PM: Quarantining All Traces: internetoptimizer
1:09 PM: Quarantining All Traces: adlegend cookie
1:09 PM: Quarantining All Traces: adprofile cookie
1:09 PM: Quarantining All Traces: com.com cookie
1:09 PM: Quarantining All Traces: gain-supported software
1:09 PM: Quarantining All Traces: effective-i toolbar
1:09 PM: Removal process completed. Elapsed time 00:00:10
********
1:46 PM: |··· Start of Session, Friday, August 19, 2005 ···|
1:46 PM: Spy Sweeper started
1:46 PM: Sweep initiated using definitions version 492
1:46 PM: Starting Memory Sweep
1:49 PM: Memory Sweep Complete, Elapsed Time: 00:03:48
1:49 PM: Starting Registry Sweep
1:49 PM: Found Adware: cws bestsearch.cc hijacker
1:49 PM: HKU\S-1-5-21-2690133624-1161744426-439199626-1005\software\microsoft\windows\currentversion\internet settings\zonemap\domains\dapsol.com\ (1 subtraces) (ID = 662702)
1:50 PM: Registry Sweep Complete, Elapsed Time:00:00:17
1:50 PM: Starting Cookie Sweep
1:50 PM: Found Cookie: moviemonster cookie
1:50 PM: federico vega@moviemonster[2].txt (ID = 26684)
1:50 PM: Found Cookie: ic-live cookie
1:50 PM: federico vega@ic-live[1].txt (ID = 26505)
1:50 PM: Found Cookie: 64.62.232 cookie
1:50 PM: federico vega@64.62.232[1].txt (ID = 25676)
1:50 PM: Found Cookie: tripod cookie
1:50 PM: federico vega@tripod[1].txt (ID = 27263)
1:50 PM: Found Cookie: about cookie
1:50 PM: federico vega@about[2].txt (ID = 25726)
1:50 PM: Found Cookie: go.com cookie
1:50 PM: federico vega@abcnews.go[1].txt (ID = 26413)
1:50 PM: federico vega@rsi.abcnews.go[1].txt (ID = 26413)
1:50 PM: federico vega@sports.espn.go[2].txt (ID = 26413)
1:50 PM: federico vega@go[2].txt (ID = 26412)
1:50 PM: federico vega@boardgames.about[2].txt (ID = 25727)
1:50 PM: federico vega@64.62.232[3].txt (ID = 25676)
1:50 PM: federico vega@64.62.232[2].txt (ID = 25676)
1:50 PM: federico vega@rsi.espn.go[1].txt (ID = 26413)
1:50 PM: federico vega@soccernet.espn.go[2].txt (ID = 26413)
1:50 PM: federico vega@espn.go[2].txt (ID = 26413)
1:50 PM: Found Cookie: belnk cookie
1:50 PM: federico vega@dist.belnk[1].txt (ID = 25976)
1:50 PM: federico vega@belnk[2].txt (ID = 25975)
1:50 PM: federico vega@ath.belnk[1].txt (ID = 25976)
1:50 PM: Found Cookie: yieldmanager cookie
1:50 PM: federico vega@ad.yieldmanager[1].txt (ID = 27415)
1:50 PM: Found Cookie: did-it cookie
1:50 PM: federico vega@did-it[2].txt (ID = 26204)
1:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
1:50 PM: Starting File Sweep
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
1:50 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
1:51 PM: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_6b4.dat". The process cannot access the file because it is being used by another process
1:53 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{2f1d6611-1bc7-4c5d-88a1-a141bf4224e3}.bin". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\ntuser.dat". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\temp\zlt0164c.tmp". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\temp\jet42b6.tmp". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\temp\acre.tmp". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:54 PM: Warning: Failed to open file "c:\documents and settings\federico vega\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
2:07 PM: Warning: Failed to access drive F:
2:07 PM: Warning: Failed to access drive F:
2:07 PM: File Sweep Complete, Elapsed Time: 00:16:45
2:07 PM: Full Sweep has completed. Elapsed time 00:20:53
2:07 PM: Traces Found: 22
2:08 PM: Removal process initiated
2:08 PM: Quarantining All Traces: cws bestsearch.cc hijacker
2:08 PM: Quarantining All Traces: moviemonster cookie
2:08 PM: Quarantining All Traces: ic-live cookie
2:09 PM: Quarantining All Traces: 64.62.232 cookie
2:09 PM: Quarantining All Traces: tripod cookie
2:09 PM: Quarantining All Traces: about cookie
2:09 PM: Quarantining All Traces: go.com cookie
2:09 PM: Quarantining All Traces: belnk cookie
2:09 PM: Quarantining All Traces: yieldmanager cookie
2:09 PM: Quarantining All Traces: did-it cookie
2:09 PM: Removal process completed. Elapsed time 00:00:21
2:18 PM: Processing Startup Alerts
2:18 PM: Removed Startup entry: WinampAgent
2:18 PM: Processing Startup Alerts
2:18 PM: Removed Startup entry: CleanUp!
12:50 PM: Updating spyware definitions
12:50 PM: Your spyware definitions have been updated.
12:51 PM: |··· End of Session, Saturday, August 20, 2005 ···|
********
1:43 PM: |··· Start of Session, Friday, August 19, 2005 ···|
1:43 PM: Spy Sweeper started
1:44 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:44 PM: Updating spyware definitions
1:44 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:45 PM: Updating spyware definitions
1:45 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
1:46 PM: |··· End of Session, Friday, August 19, 2005 ···|

===============================================

3. Hijack this log new 5mns ago

Logfile of HijackThis v1.99.1
Scan saved at 1:21:43 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program files\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ETRUST~1\VetTray.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program files\bin\iPodService.exe
D:\Program files\Anapod Explorer\anamgr.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Federico Vega\Desktop\Hijack this\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Anapod Manager.lnk = D:\Program files\Anapod Explorer\anamgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: AntiCrash.lnk = D:\Program files\AntiCrash.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EZ Firewall.lnk = D:\Program files\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cif: C:\PROGRA~1\Internet Explorer\Plugins\npCVista.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097612563828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/ItalianToEnglish.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program files\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program files\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe