Tech Support Forum - View Single Post - HJT Failed to run. "Invalid Picture" Error message

ford66 · 06-07-2006, 11:14 PM

Ewido Log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:40:33 PM, 6/7/2006
+ Report-Checksum: BEB743FD

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1} -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1}\ProxyStubClsid -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1}\ProxyStubClsid32 -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1}\TypeLib -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj -> Adware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj\CLSID -> Adware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj\CurVer -> Adware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj.1 -> Adware.VX2 : Cleaned with backup
HKU\S-1-5-21-3656001625-1156631218-4251244882-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0103CD4-D1CE-411A-B75B-4FEC072867F4} -> Trojan.Puper.ac : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@oxcash[2].txt -> TrackingCookie.Oxcash : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@oxcash[1].txt -> TrackingCookie.Oxcash : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@programs.wegcash[3].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.web-stat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@image.masterstats[3].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@programs.wegcash[4].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@yadro[4].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@northwestairlines.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@e-2dj6wjnyepdjsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@buildabear.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@tracking.g3x[1].txt -> TrackingCookie.G3x : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@yadro[3].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@gateway.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@sec1.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@ehg-mastercard.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@ehg-findlaw.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@sales.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[4].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[6].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@sec1.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@ads43.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@www.res99[1].txt -> TrackingCookie.Res99 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data4.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\STEVE\Cookies\steve@data3.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq963C.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq964B.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq965A.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9668.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9677.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9684.tmp -> TrackingCookie.Atdmt : Cleaned with backup

::Report End

Rapport.txt:

SmitFraudFix v2.55

Scan done at 20:40:16.90, Wed 06/07/2006
Run from C:\Documents and Settings\STEVE\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}"="Security Update"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\STEVE\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Panda Log:

Incident Status Location

Adware:adware/quicksearch Not disinfected c:\windows\downloaded program files\install.inf
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:49 PM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\techbox\techbox.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1102879008\ee\aolsoftware.exe
c:\program files\common files\aol\1102879008\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\hjt\hjt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Starwood Toolbar - {CAC335E0-9FFB-4a59-A3F5-03B7713E937B} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Tech-In-A-Box] C:\techbox\techbox.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.games.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000} -
http://www.bc777.com/software/special/SiteHlpr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) -
http://mirror.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAC335E0-9FFB-4A59-A3F5-03B7713E937B} (Starwood Toolbar) - http://www.starwood.com/dp/en_US/common/downloads/starpoint/toolbar/install.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0D} (ZaboCheckAndRunControl Class) - http://busobj.emcare.com:85/wijsp/distribution/ZaboIEen.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

And we're on our way.

06-07-2006, 11:14 PM	#5 (permalink)
ford66 Registered User Join Date: Jun 2006 Posts: 60 OS: xp	Ewido Log: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 9:40:33 PM, 6/7/2006 + Report-Checksum: BEB743FD + Scan result: HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1} -> Adware.MidAddle : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1}\ProxyStubClsid -> Adware.MidAddle : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1}\ProxyStubClsid32 -> Adware.MidAddle : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{2BD8B6D2-6078-3AFC-AC19-ABE776516DC1}\TypeLib -> Adware.MidAddle : Cleaned with backup HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj -> Adware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj\CLSID -> Adware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj\CurVer -> Adware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\SiteHlpr.SiteHlprObj.1 -> Adware.VX2 : Cleaned with backup HKU\S-1-5-21-3656001625-1156631218-4251244882-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0103CD4-D1CE-411A-B75B-4FEC072867F4} -> Trojan.Puper.ac : Cleaned with backup C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Local Settings\Temp\Cookies\steve@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@oxcash[2].txt -> TrackingCookie.Oxcash : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@oxcash[1].txt -> TrackingCookie.Oxcash : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@programs.wegcash[3].txt -> TrackingCookie.Wegcash : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.web-stat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[3].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@image.masterstats[3].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@programs.wegcash[4].txt -> TrackingCookie.Wegcash : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@ehg-findlaw.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@yadro[4].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@northwestairlines.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@e-2dj6wjnyepdjsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@buildabear.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@tracking.g3x[1].txt -> TrackingCookie.G3x : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@yadro[3].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@gateway.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@sec1.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@ehg-mastercard.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@ehg-findlaw.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@sales.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[4].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@adopt.specificclick[6].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@sec1.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@ads43.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@www.res99[1].txt -> TrackingCookie.Res99 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data4.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\STEVE\Cookies\steve@data3.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq963C.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq964B.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq965A.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9668.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9677.tmp -> TrackingCookie.2o7 : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9684.tmp -> TrackingCookie.Atdmt : Cleaned with backup ::Report End Rapport.txt: SmitFraudFix v2.55 Scan done at 20:40:16.90, Wed 06/07/2006 Run from C:\Documents and Settings\STEVE\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}"="Security Update" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\1024\ Deleted C:\DOCUME~1\STEVE\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Panda Log: Incident Status Location Adware:adware/quicksearch Not disinfected c:\windows\downloaded program files\install.inf Spyware:spyware/searchcentrix Not disinfected Windows Registry Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 10:13:49 PM, on 6/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\techbox\techbox.exe C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\YAHOO!\YOP\yop.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\YAHOO!\browser\ycommon.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\AOL\1102879008\ee\aolsoftware.exe c:\program files\common files\aol\1102879008\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe C:\hjt\hjt.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: Starwood Toolbar - {CAC335E0-9FFB-4a59-A3F5-03B7713E937B} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Tech-In-A-Box] C:\techbox\techbox.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Freecell Solitaire - http://presence.games.yahoo.com/yog/y/fs10_x.cab O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000} - http://www.bc777.com/software/special/SiteHlpr.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v61/swapit/swapit.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O16 - DPF: {CAC335E0-9FFB-4A59-A3F5-03B7713E937B} (Starwood Toolbar) - http://www.starwood.com/dp/en_US/common/downloads/starpoint/toolbar/install.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0D} (ZaboCheckAndRunControl Class) - http://busobj.emcare.com:85/wijsp/distribution/ZaboIEen.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1102879008\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE And we're on our way. Last edited by Ried; 06-08-2006 at 07:21 AM. Reason: took out double spacing for easier review