01-05-2006, 06:51 AM   #3
Ei8htBall1989
Registered User
 
Join Date: Jan 2006
Posts: 15
OS: Windows XP Professional


I did notice that a few of the HJT things you had me 'fix' came back... in the future, do you want me to try fixing them again, or just leave them alone (like I did this time)?

I think I copied in all of the logs you asked for; if not, let me know.


When removing programs, I found AdwareFilterToolBar, but not STOPME~1

The following were not found by HJT when I ran the scan in safe mode:
O3 - Toolbar: AdwareFilter - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\AdwareFilterToolBar\AdwareFilter.dll
O4 - HKLM\..\Run: [BPK] C:\WINDOWS\System32\bpk.exe
O4 - HKCU\..\Run: [01 Enc] C:\DOCUME~1\ZACHSH~1\APPLIC~1\MEMOEA~1\MediaKeepLoud.exe

When trying to fix 'O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing', I received the error message
"HijackThis cannot repair O10 Winsock LSP entries.
You should use LSPFix for that, which is available from http://www.cexx.org/lspfix.htm.

If the O10 item belongs to WebHancer, New.Net or CommonName, Spybot S&D can
remove it automatically. Spybot S&D is available from http://www.spybot.info."
There was only one option, OK.

None of the 3 folders listed exist.

During the Panda Active Scan, I received some strange error messages: one was asking for a Microsoft Outlook profile name and the other was a "could not connect to server" message asking if I wanted to try again or work offline. Neither seemed to interfere with the scan though...


-- Panda Log --

Incident Status Location

Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\saie_gdf.dat
Dialer:dialer generic Not disinfected C:\PROGRAM FILES\dialers
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Adware:adware/wintools Not disinfected Windows Registry
Dialer:dialer.bb Not disinfected HKEY_CLASSES_ROOT\TypeLib\{CED445E2-8C78-4F40-87D7-F7FB6F1B6791}
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@mediaplex[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@tribalfusion[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.ask.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.perf.overture.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.advertising.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.centrport.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.advertising.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.sexlist.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.paycounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.zedo.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.hitbox.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[searchportal.information.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.bravenet.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.revenue.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.maxserving.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.casalemedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/SAHAgent Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[www.shopathomeselect.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.qksrv.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.gamearena.com.au/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.serving-sys.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[.gostats.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Elizabeth Shepherd\Application Data\Mozilla\Firefox\Profiles\default.vvf\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Elizabeth Shepherd\Application Data\Mozilla\Firefox\Profiles\default.vvf\cookies.txt[687358]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Elizabeth Shepherd\Application Data\Mozilla\Firefox\Profiles\default.vvf\cookies.txt[]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pam Shepherd\Application Data\Mozilla\Firefox\Profiles\default.w0f\cookies.txt[]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Memo Each Face\xrdcirpy.exe
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Zach Shepherd\Application Data\Mozilla\Firefox\Profiles\default.ezo\cookies.txt[]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@mediaplex[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Zach Shepherd\Cookies\zach shepherd@tribalfusion[2].txt
Virus:4096 Renamed C:\Documents and Settings\Zach Shepherd\Desktop\not used alot\8-22-05\COMPLETE USB BACKUP\PortableApps\PortableSunbird\sunbird\chrome\calendar.jar[selectAddressesDialog.js]
Virus:4096 Renamed C:\Documents and Settings\Zach Shepherd\Desktop\USB BACKUP\PortableApps\PortableSunbird\sunbird\chrome\calendar.jar[selectAddressesDialog.js]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe[bsdhooks.dll]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe[web.dll]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe[bpk.exe]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe[rinst.exe]
Possible Virus. Not disinfected C:\I386\AolCoach.cab[ACHtmfu.dll]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1007\Dc13\plugin\viewchmhlp\hh.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1007\Dc13\plugin\winaudit\WinAudit.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1007\Dc19.exe[hh.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1007\Dc19.exe[WinAudit.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1007\Dc9\viewchmhlp\hh.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1007\Dc9\winaudit\WinAudit.exe
Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1008\Dc2.txt
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1008\Dc22.txt
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1008\Dc5.txt
Spyware:Cookie/Lop Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1008\Dc7.txt
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\S-1-5-21-891307005-2014835873-67682326-1008\Dc8.txt
Possible Virus. Not disinfected C:\Sierra\Counter-Strike\cstrike\OGC_Re_2.5.rar[0gc_re.exe]
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temp\AolCoach.cab[ACHtmfu.dll]
Virus:Exploit/iFrame Disinfected Local Folders\Deleted Items\MAC T 0.0.6.6\~0000001.~
Virus:Exploit/iFrame Disinfected Local Folders\Deleted Items\Language\~0000001.~
Virus:Exploit/iFrame Disinfected Local Folders\Deleted Items\MAC T 6.6.b.c\~0000001.~
Virus:W32/Netsky.Z.worm Disinfected Local Folders\Deleted Items\failure notice\~0000000.~[Informations.txt .exe]
Virus:Exploit/iFrame Disinfected Local Folders\Deleted Items\Japanese lass' sexy pictures\~0000001.~
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected Local Folders\Sent Items\inst_Ally Alert 30.exe[bsdhooks.dll]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected Local Folders\Sent Items\inst_Ally Alert 30.exe[web.dll]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected Local Folders\Sent Items\inst_Ally Alert 30.exe[bpk.exe]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected Local Folders\Sent Items\inst_Ally Alert 30.exe[rinst.exe]

---------------


--- Findlop ---

Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\Administrator\Application Data

05/20/2005 08:09 PM <DIR> Gtek
10/25/2002 09:11 AM <DIR> Identities
11/13/2005 07:13 PM <DIR> Memo Each Face
04/10/2005 02:15 PM <DIR> Mozilla
10/25/2002 09:55 AM <DIR> Symantec
0 File(s) 0 bytes
5 Dir(s) 27,465,646,080 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\All Users\Application Data

10/23/2004 09:37 PM <DIR> Adobe
01/02/2006 11:47 AM <DIR> Avg7
10/25/2002 09:43 AM <DIR> BVRP Software
10/25/2002 09:41 AM <DIR> Dell
08/25/2003 02:21 PM 13 DirectCDUserNameE.txt
02/07/2004 11:47 AM <DIR> Kazaa Lite
11/13/2005 07:14 PM <DIR> LICENSE WIN AXIS ONE
03/31/2003 09:10 PM <DIR> Macromedia
07/30/2003 05:09 PM <DIR> MSN Messenger 6.0.0602
11/02/2002 03:50 PM <DIR> MSN6
11/22/2004 04:49 PM <DIR> nView_Profiles
04/25/2003 07:26 PM <DIR> QuickTime
10/25/2002 09:39 AM <DIR> SBSI
01/02/2006 02:28 PM <DIR> Spybot - Search & Destroy
02/22/2005 10:57 AM <DIR> Symantec
11/17/2005 06:15 PM <DIR> Viewpoint
1 File(s) 13 bytes
15 Dir(s) 27,465,641,984 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\Elizabeth Shepherd\Application Data

03/01/2003 07:37 AM <DIR> Adobe
10/02/2004 09:15 AM <DIR> Aim
05/21/2005 07:51 AM <DIR> Gtek
12/15/2002 05:45 PM <DIR> Help
11/11/2003 03:17 PM <DIR> ICQ
10/25/2002 09:11 AM <DIR> Identities
11/16/2004 12:57 PM <DIR> Lavasoft
08/24/2005 06:48 PM <DIR> Macromedia
11/13/2005 07:15 PM <DIR> Memo Each Face
08/24/2004 09:05 PM <DIR> Mozilla
08/04/2003 08:25 AM <DIR> Real
11/13/2005 07:13 PM <DIR> Stop meta
10/09/2005 10:23 AM <DIR> Sun
02/14/2005 04:47 PM <DIR> Symantec
08/24/2004 09:05 PM <DIR> Talkback
0 File(s) 0 bytes
15 Dir(s) 27,465,641,984 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\Guest\Application Data

05/20/2005 08:09 PM <DIR> Gtek
10/25/2002 09:11 AM <DIR> Identities
11/13/2005 07:13 PM <DIR> Memo Each Face
10/26/2003 12:30 PM <DIR> Real
10/25/2002 09:55 AM <DIR> Symantec
0 File(s) 0 bytes
5 Dir(s) 27,465,641,984 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\Pam Shepherd\Application Data

10/28/2005 07:57 PM <DIR> Adobe
11/26/2005 04:16 PM <DIR> AdobeUM
10/05/2004 07:49 PM <DIR> Aim
11/06/2002 06:51 PM 0 dm.ini
01/01/2003 01:50 PM <DIR> eGames
09/08/2005 09:06 PM 101,048 GDIPFONTCACHEV1.DAT
11/02/2002 01:21 PM <DIR> Help
11/11/2003 06:21 PM <DIR> ICQ
11/12/2002 04:39 PM <DIR> Identities
11/06/2002 06:52 PM <DIR> InterTrust
11/19/2004 08:17 PM <DIR> Lavasoft
02/17/2004 07:49 PM <DIR> Macromedia
10/28/2005 05:45 PM <DIR> Memo Each Face
08/25/2004 07:37 AM <DIR> Mozilla
08/04/2005 07:01 PM 27,217 Personal Address Book.ADR
08/01/2003 08:19 PM <DIR> Real
11/22/2005 03:06 PM <DIR> Sun
02/14/2005 07:33 PM <DIR> Symantec
08/25/2004 07:37 AM <DIR> Talkback
01/04/2006 07:05 PM <DIR> WeatherBug
3 File(s) 128,265 bytes
17 Dir(s) 27,465,637,888 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\Zach Shepherd\Application Data

09/18/2005 11:25 AM <DIR> .BitTornado
12/07/2004 09:35 AM <DIR> Adobe
09/04/2005 08:32 PM <DIR> AdobeUM
10/02/2004 08:25 AM <DIR> Aim
04/01/2003 04:48 PM <DIR> Alien Skin
10/23/2004 09:35 PM 0 dm.ini
09/19/2005 06:54 AM 101,048 GDIPFONTCACHEV1.DAT
11/06/2002 04:06 PM <DIR> Help
11/11/2003 09:51 AM <DIR> ICQ
01/08/2003 08:29 PM <DIR> Identities
03/14/2004 02:54 PM <DIR> Kontiki
01/02/2006 11:57 AM <DIR> Lavasoft
04/01/2003 04:04 PM <DIR> Macromedia
01/02/2006 06:26 PM <DIR> Memo Each Face
08/24/2004 08:58 PM <DIR> Mozilla
05/28/2004 10:42 AM <DIR> MSN6
10/24/2004 01:13 PM <DIR> pdf995
05/30/2004 03:53 PM <DIR> Real
01/02/2006 06:26 PM <DIR> Stop meta
09/19/2005 08:53 AM <DIR> Sun
09/20/2005 06:37 PM 83 sversion.ini
02/22/2005 10:36 AM <DIR> Symantec
08/24/2004 08:58 PM <DIR> Talkback
09/25/2005 01:33 PM <DIR> teamspeak2
10/12/2004 05:04 PM <DIR> Ventrilo
06/08/2004 07:23 PM <DIR> Xfire
3 File(s) 101,131 bytes
23 Dir(s) 27,465,637,888 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\Default User\Application Data

10/25/2002 09:57 AM <DIR> .
10/25/2002 09:57 AM <DIR> ..
08/31/2001 08:53 AM 62 DESKTOP.INI
1 File(s) 62 bytes
2 Dir(s) 27,465,637,888 bytes free
Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 1C41-BC23

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A0A9CD9D91A67E41.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\progra~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/14/2004 22:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/27/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'A247B21990102599.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/23/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'A327A5AF90005FEB.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/18/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'A6B728339198A08B.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/20/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'A8938F6D91E803AD.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/15/1997
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'A93CFA75916F7919.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\progra~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/14/2004 22:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/07/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AB5B0A71912C808D.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/23/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AC5C03A29357BD96.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\zachsh~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/03/2005 17:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/01/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Ad-Aware SE Personal.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe'
Parameters: ''
WorkingDirectory: 'C:\PROGRA~1\Lavasoft\AD-AWA~1'
Comment: ''
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: INFINITE
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/19/2005 18:00:00
NextRun: 01/09/2006 18:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 1
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .M.....
StartDate: 11/09/2004
EndDate: 00/00/0000
StartTime: 18:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AD2A1D12918592DA.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/10/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AF47999291980B32.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/24/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AFFCA9F091875B0C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\elizab~1\applic~1\memoea~1\AtomPop2.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Elizabeth Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/10/2005 16:00:00
NextRun: 01/05/2006 9:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/09/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'dfrg.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\WINDOWS\System32\defrag.exe'
Parameters: 'c:'
WorkingDirectory: 'C:\WINDOWS\System32'
Comment: ''
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: INFINITE
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/19/2005 20:00:00
NextRun: 01/09/2006 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .M.....
StartDate: 11/09/2004
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Zach Shepherd.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 09/09/2005 20:00:00
NextRun: 01/06/2006 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 02/22/2005
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec Drmc.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe'
Parameters: ' /CUSTOM /SCHEDULE'
WorkingDirectory: ''
Comment: ''
Creator: 'Pam Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 30
IdleDeadline: 0
MostRecentRun: 09/04/2005 0:00:02
NextRun: 01/06/2006 0:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/14/2005
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Zach Shepherd'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/05/2006 8:40:00
NextRun: 01/05/2006 8:45:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 01/05/2006
EndDate: 00/00/0000
StartTime: 08:15
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

---------------


----- HJT -----

Logfile of HijackThis v1.99.1
Scan saved at 8:45:57 AM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iomrhmimhgdt.com/KZe3t6V9...hTLRorRTF.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uzfumpjujrsjsxzovzjnduy.c...HqvLAMdl8.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [DesktopX] C:\Program Files\Object Desktop\WinStyles\DesktopX.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [01 Enc] C:\DOCUME~1\ZACHSH~1\APPLIC~1\MEMOEA~1\MediaKeepLoud.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\refresh.exe
O4 - Global Startup: Splash.lnk = C:\Program Files\Iomega\Tools_NT\splash.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AOL IM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unlea...edLotTeleX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe

---------------