Discussion Starter · #1 ·
Logfile of HijackThis v1.99.1
Scan saved at 2:42:47 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UnHackMe\hackmon.exe
D:\Program Files\AIM\aim.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\wpabaln.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\mIRC2\mirc.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashFXP\FlashFXP.exe
D:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.174.58:7212
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - D:\WINDOWS\System32\SearchTool\nst5F2.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitRoll\TorrentManager.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\PROGRA~1\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [idefisk.exe] "D:\Program Files\Asteriskguru\Idefisk\idefisk.exe"
O4 - HKCU\..\Run: [Greybyte] D:\DOCUME~1\Owner\APPLIC~1\MESSBA~1\Rect about.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163549841687
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: openglwx - openglwx.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Program Files\Spyware Doctor\sdhelp.exe
 

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p.

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".


regards
alba
 

Hello chrisr84

Apologies for the delay; things have been a bit hectic around here. You have a couple of real nasties here, so please do all the scans as requested and stick with me until we get your system clean again.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=================

You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

=================

Download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"
A red "dos window" (dos box) will open with options:

1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

  • Select option 2. Run auto fix by typing 2 and then pressing "Enter"
If an infection is found, you'll get a message to close all other open windows.
  • Close all open windows except the red dos window from haxfix and then press "Enter"
  • The computer will reboot
  • After reboot a logfile will open > (c:\haxfix.txt)
  • Save the logfile and post the contents Here at the end of the fix

=================

NoLop

  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish. Please Post the contents of C:\NoLop.log at the end of this fix.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

===============================================

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

===============================================

From Control Panel->Add/Remove Programs, uninstall the following programs, if present:
  • Begin2search

=================

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - D:\WINDOWS\System32\SearchTool\nst5F2.dll (file missing)
O4 - HKCU\..\Run: [Greybyte] D:\DOCUME~1\Owner\APPLIC~1\MESSBA~1\Rect about.exe
O20 - Winlogon Notify: openglwx - openglwx.dll (file missing)


Please remember to close all other windows, including browsers then click Fix checked.

===============================================

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • D:\Documents and Settings\Owner\Application Data\MESSBA ------Any folder that starts with this
  • D:\WINDOWS\System32\SearchTool
===============================================

REBOOT TO NORMAL MODE

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


=================

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


=================

Please download this tool > http://smallfrogs.googlepages.com/sreng2.zip

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

If you scroll down when replying click on the Manage attachments button and follow the instructions.

=================

Please Run a scan with HiJackThis and save the log

===============================================

In your next post, please include fresh logs from:
  1. haxfix.txt (c:\haxfix.txt)
  2. C:\NoLop.log (C:\NoLop.log)
  3. Online scan
  4. ComboFix.txt
  5. HiJackThis
  6. SREng attachment
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
 

Discussion Starter · #4 ·
HAXFIX logfile - by Marckie

version 4.37
Sun 01/28/2007 23:18:56.04

--- Auto Haxdoorfix ---


searching for files:

no infections found


--- Goldunfix ---


searching for files:


checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
no notifykeys found

searching for services:
no services found


Finished

NoLop! Log by Skate_Punk_21

Fix running from: D:\Documents and Settings\Owner\Desktop
[1/28/2007]
[11:29:07 PM]

---Infection Files Found/Removed---
D:\WINDOWS\tasks\AD9681E291393E2E.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

D:\Documents and Settings\Administrator\Application Data\Microsoft
D:\Documents and Settings\All Users\Application Data\Apple Computer
D:\Documents and Settings\All Users\Application Data\Avg7
D:\Documents and Settings\All Users\Application Data\Bvrp Software
D:\Documents and Settings\All Users\Application Data\Google
D:\Documents and Settings\All Users\Application Data\Grisoft
D:\Documents and Settings\All Users\Application Data\Installshield
D:\Documents and Settings\All Users\Application Data\Microsoft
D:\Documents and Settings\All Users\Application Data\Microsoft Help
D:\Documents and Settings\All Users\Application Data\Msn6
D:\Documents and Settings\All Users\Application Data\Napster
D:\Documents and Settings\All Users\Application Data\Pokemovetitleooze
D:\Documents and Settings\All Users\Application Data\Quicktime
D:\Documents and Settings\All Users\Application Data\Viewpoint -- EMPTY Directory
D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
D:\Documents and Settings\All Users\Application Data\Yahoo!
D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
D:\Documents and Settings\Default User\Application Data\Microsoft
D:\Documents and Settings\Gaming\Application Data\Aim
D:\Documents and Settings\Gaming\Application Data\Ati
D:\Documents and Settings\Gaming\Application Data\Google
D:\Documents and Settings\Gaming\Application Data\Identities
D:\Documents and Settings\Gaming\Application Data\Macromedia
D:\Documents and Settings\Gaming\Application Data\Microsoft
D:\Documents and Settings\Gaming\Application Data\Mozilla
D:\Documents and Settings\Gaming\Application Data\Yahoo!
D:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
D:\Documents and Settings\Localservice\Application Data\Macromedia
D:\Documents and Settings\Localservice\Application Data\Microsoft
D:\Documents and Settings\Networkservice\Application Data\Microsoft
D:\Documents and Settings\Owner\Application Data\Acccore
D:\Documents and Settings\Owner\Application Data\Adobe
D:\Documents and Settings\Owner\Application Data\Aim
D:\Documents and Settings\Owner\Application Data\Apple Computer
D:\Documents and Settings\Owner\Application Data\Ati
D:\Documents and Settings\Owner\Application Data\Avg7
D:\Documents and Settings\Owner\Application Data\Bitroll
D:\Documents and Settings\Owner\Application Data\Bittorrent
D:\Documents and Settings\Owner\Application Data\Divx
D:\Documents and Settings\Owner\Application Data\Flashfxp
D:\Documents and Settings\Owner\Application Data\Google
D:\Documents and Settings\Owner\Application Data\Help -- EMPTY Directory
D:\Documents and Settings\Owner\Application Data\Identities
D:\Documents and Settings\Owner\Application Data\Intertrust
D:\Documents and Settings\Owner\Application Data\Macromedia
D:\Documents and Settings\Owner\Application Data\Messballcomp
D:\Documents and Settings\Owner\Application Data\Microsoft
D:\Documents and Settings\Owner\Application Data\Mozilla
D:\Documents and Settings\Owner\Application Data\Msn6 -- EMPTY Directory
D:\Documents and Settings\Owner\Application Data\Pc Tools
D:\Documents and Settings\Owner\Application Data\Roxio
D:\Documents and Settings\Owner\Application Data\Securom
D:\Documents and Settings\Owner\Application Data\Sun
D:\Documents and Settings\Owner\Application Data\Utorrent
D:\Documents and Settings\Owner\Application Data\Viewpoint
D:\Documents and Settings\Owner\Application Data\Xfire
D:\Documents and Settings\Owner\Application Data\Yahoo!


Incident Status Location

Adware:Adware/Lop Not disinfected D:\Documents and Settings\All Users\Application Data\pokemovetitleooze\itch roam.exe
Spyware:Cookie/Entrepreneur Not disinfected D:\Documents and Settings\Gaming\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected D:\Program Files\HaxFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\WINDOWS\system32\process.exe

"Owner" - 07-01-29 2:13:02 Service Pack 2
ComboFix 07-01-25 - Running from: "D:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\drivers\npf.sys


((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


2007-01-29 00:26 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-01-29 00:26 <DIR> d-------- D:\WINDOWS\LastGood
2007-01-28 23:29 <DIR> d-------- D:\NoLopBackups
2007-01-28 23:18 90,112 --a------ D:\WINDOWS\system32\RegDACL.exe
2007-01-28 23:18 8,234 --a------ D:\clean.bat
2007-01-28 23:18 53,248 --a------ D:\WINDOWS\system32\process.exe
2007-01-28 23:18 40,960 --a------ D:\WINDOWS\system32\swsc.exe
2007-01-28 23:18 4,096 --a------ D:\WINDOWS\system32\reboot.exe
2007-01-28 23:18 38,400 --a------ D:\WINDOWS\system32\moveex.exe
2007-01-28 23:09 816,672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2007-01-28 23:09 4,224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-28 23:09 3,968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
2007-01-28 23:09 28,416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-28 23:09 18,240 --a------ D:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\Owner\Application Data\AVG7
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-27 21:39 129,784 --------- D:\WINDOWS\system32\pxafs.dll
2007-01-25 17:19 524,288 --a------ D:\WINDOWS\system32\DivXsm.exe
2007-01-25 17:19 3,596,288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2007-01-25 17:18 200,704 --a------ D:\WINDOWS\system32\ssldivx.dll
2007-01-25 17:18 1,044,480 --a------ D:\WINDOWS\system32\libdivx.dll
2007-01-25 17:13 823,296 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2007-01-25 17:13 823,296 --a------ D:\WINDOWS\system32\divx_xx07.dll
2007-01-25 17:13 802,816 --a------ D:\WINDOWS\system32\divx_xx11.dll
2007-01-25 17:13 738,906 --a------ D:\WINDOWS\system32\DivX.dll
2007-01-25 17:13 73,728 --a------ D:\WINDOWS\system32\dpl100.dll
2007-01-25 17:13 593,920 --a------ D:\WINDOWS\system32\dpuGUI11.dll
2007-01-25 17:13 57,344 --a------ D:\WINDOWS\system32\dpv11.dll
2007-01-25 17:13 53,248 --a------ D:\WINDOWS\system32\dpuGUI10.dll
2007-01-25 17:13 344,064 --a------ D:\WINDOWS\system32\dpus11.dll
2007-01-25 17:13 294,912 --a------ D:\WINDOWS\system32\dpu11.dll
2007-01-25 17:13 294,912 --a------ D:\WINDOWS\system32\dpu10.dll
2007-01-25 17:13 196,608 --a------ D:\WINDOWS\system32\dtu100.dll
2007-01-16 23:23 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-12 19:56 <DIR> d-------- D:\WINDOWS\ie7updates
2007-01-12 18:38 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\pokemovetitleooze
2007-01-12 18:37 <DIR> d-------- D:\Program Files\messballcomp
2007-01-12 18:36 <DIR> d-------- D:\DOCUME~1\Owner\Application Data\BitRoll
2007-01-11 01:22 <DIR> d-------- D:\WINDOWS\WBEM
2007-01-11 01:22 <DIR> d-------- D:\WINDOWS\system32\en-US
2007-01-11 01:20 <DIR> d--h-c--- D:\WINDOWS\ie7
2007-01-11 01:19 121,856 --------- D:\WINDOWS\system32\xmllite.dll
2007-01-11 01:19 <DIR> d-------- D:\WINDOWS\network diagnostic
2007-01-10 18:37 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-10 18:37 <DIR> d-------- D:\Program Files\Grisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-29 01:52 -------- d-------- D:\Program Files\spyware doctor
2007-01-29 01:51 -------- d-------- D:\Program Files\mozilla firefox
2007-01-29 01:50 -------- d-------- D:\Program Files\google
2007-01-29 01:50 -------- d-------- D:\Program Files\getright
2007-01-29 01:48 -------- d-------- D:\Program Files\aim
2007-01-28 23:08 -------- d---s---- D:\DOCUME~1\Owner\Application Data\microsoft
2007-01-28 03:28 -------- d-------- D:\Program Files\trillian
2007-01-27 21:58 -------- d-------- D:\Program Files\tigergame controller
2007-01-27 21:39 -------- d-------- D:\Program Files\divx
2007-01-26 03:02 -------- d-------- D:\DOCUME~1\Owner\Application Data\bittorrent
2007-01-25 17:19 36624 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-25 17:19 118520 --------- D:\WINDOWS\system32\pxinsi64.exe
2007-01-25 17:19 116472 --------- D:\WINDOWS\system32\pxcpyi64.exe
2007-01-10 18:38 -------- d-------- D:\Program Files\ewido anti-spyware 4.0
2007-01-10 00:49 -------- d-------- D:\DOCUME~1\Owner\Application Data\macromedia
2006-12-27 19:39 -------- d-------- D:\Program Files\winpcap
2006-12-12 08:24 12288 --a------ D:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 08:24 118784 --a------ D:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-06 21:29 2374472 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-11-30 14:43 -------- d--h----- D:\Program Files\installshield installation information
2006-11-07 21:06 679424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- D:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- D:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- D:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ D:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ D:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- D:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ D:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ D:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ D:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ D:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ D:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ D:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ D:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ D:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ D:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ D:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ D:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ D:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"UnHackMe Monitor"="C:\\PROGRA~1\\UnHackMe\\hackmon.exe"
"AIM"="D:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DeadAIM"="rundll32.exe \"D:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GetRight - Tray Icon.lnk"
"backup"="D:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\GetRight\\getright.exe "
"item"="GetRight - Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="D:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Owner^Start Menu^Programs^Startup^[email protected] 5.03.lnk]
"path"="D:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\[email protected] 5.03.lnk"
"backup"="D:\\WINDOWS\\pss\\[email protected] 5.03.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\FOLDIN~1\\winFAH.exe "
"item"="[email protected] 5.03"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Owner^Start Menu^Programs^Startup^Ubisoft register.lnk]
"path"="D:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Ubisoft register.lnk"
"backup"="D:\\WINDOWS\\pss\\Ubisoft register.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\Ubisoft\\Register\\schedule.exe /9/17/2006 1:44:13 AM /game=Call of Juarez MP Demo /language=english /country=United States /url=http://register-it.ubi.com/register.asp"
"item"="Ubisoft register"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="D:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FRAPS"
"hkey"="HKCU"
"command"="C:\\FRAPS\\FRAPS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greybyte]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rect about"
"hkey"="HKCU"
"command"="D:\\DOCUME~1\\Owner\\APPLIC~1\\MESSBA~1\\Rect about.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idefisk.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="idefisk"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Asteriskguru\\Idefisk\\idefisk.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger Backup Chat Logger]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChatLogger"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Backup\\ChatLogger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="napster"
"hkey"="HKLM"
"command"="C:\\Program Files\\Napster\\napster.exe /systray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="D:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\title ooze up wma]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="itch roam"
"hkey"="HKLM"
"command"="D:\\Documents and Settings\\All Users\\Application Data\\pokemovetitleooze\\itch roam.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="D:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryRepairPro"
"hkey"="HKCU"
"command"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://geocities.com/pleasanton_ca/P1010152a.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


Completion time: 07-01-29 2:14:55

Code:
2007-01-29,16:50:52

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <UnHackMe Monitor><C:\PROGRA~1\UnHackMe\hackmon.exe>  [Greatis Software]
    <AIM><D:\Program Files\AIM\aim.exe -cnetwait.odl>  [(Verified)America Online, Inc.]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Yahoo! Pager><"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <DeadAIM><rundll32.exe "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs>  [N/A]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [N/A]
    <AVG7_CC><D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP>  [GRISOFT, s.r.o.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATICCC><; "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe">  [N/A]
    <BearShare><; "C:\Program Files\BearShare\BearShare.exe" /pause>  [Free Peers, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BitTorrent><; "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized>  [N/A]
    <ctfmon.exe><; D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools><; "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Fraps><; C:\FRAPS\FRAPS.EXE>  [Beepa P/L]
    <Free Download Manager><; C:\Program Files\Free Download Manager\fdm.exe -autorun>  [N/A]
    <googletalk><; "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart>  [N/A]
    <Greybyte><; D:\DOCUME~1\Owner\APPLIC~1\MESSBA~1\Rect about.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <GrooveMonitor><; "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <idefisk.exe><; "D:\Program Files\Asteriskguru\Idefisk\idefisk.exe">  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [N/A]
    <kav><; "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <Messenger Backup Chat Logger><; "C:\Program Files\Messenger Backup\ChatLogger.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "D:\Program Files\Messenger\MSMSGS.EXE" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NapsterShell><; C:\Program Files\Napster\napster.exe /systray>  [Napster]
    <NeroFilterCheck><; D:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <QuickTime Task><; "D:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Spyware Doctor><; "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q>  [PCTools]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SunJavaUpdateSched><; D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>  [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <title ooze up wma><; D:\Documents and Settings\All Users\Application Data\pokemovetitleooze\itch roam.exe>  [N/A]
    <WatchDog><; D:\Program Files\mobile PhoneTools\WatchDog.exe>  [N/A]
    <WinampAgent><; C:\Program Files\Winamp\winampa.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Windows Registry Repair Pro><; C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4>  [N/A]
    <Yahoo! Pager><; "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]

==================================
Startup Folders
N/A

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <D:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <D:\WINDOWS\system32\ati2sgag.exe><>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
  <D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
  <D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Disabled]
  <"D:\Program Files\WinPcap\rpcapd.exe" -d -f "D:\Program Files\WinPcap\rpcapd.ini"><N/A>
[PC Tools Spyware Doctor / SDhelper][Running/Auto Start]
  <D:\Program Files\Spyware Doctor\sdhelp.exe><PC Tools>

==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Advanced SCSI Programming Interface Driver / ASPI][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys><Adaptec>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG7 Kernel / Avg7Core][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
  <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[DS1410D / DS1410D][Running/Auto Start]
  <\??\D:\WINDOWS\System32\drivers\ds1410d.sys><N/A>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[PlayLinc Adapter / hamachi_oem][Stopped/Manual Start]
  <System32\DRIVERS\gan_adapter.sys><Applied Networking Inc.>
[Hardlock / Hardlock][Running/Auto Start]
  <\??\D:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Haspnt / Haspnt][Running/Auto Start]
  <\??\D:\WINDOWS\System32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[File Security Kernel Anti-Spyware Driver / ikhfile][Running/System Start]
  <\??\D:\WINDOWS\System32\drivers\ikhfile.sys><PCTools Research Pty Ltd.>
[Kernel Anti-Spyware Driver / ikhlayer][Running/System Start]
  <\??\D:\WINDOWS\System32\drivers\ikhlayer.sys><PCTools Research Pty Ltd.>
[Memctl / Memctl][Stopped/Manual Start]
  <\??\D:\Program Files\ABIT\FlashMenu\Memctl.sys><N/A>
[NPPTNT2 / NPPTNT2][Running/System Start]
  <\??\D:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[OPENGL technology access / openglwxd][Stopped/System Start]
  <\??\D:\WINDOWS\System32\openglwxd.sys><N/A>
[PSSdk23 / PSSdk23][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\Drivers\PsSdk23.drv><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Rainbow USB SuperPro / Sntnlusb][Stopped/Manual Start]
  <System32\DRIVERS\SNTNLUSB.SYS><Rainbow Technologies Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\drivers\klif.sys><N/A>
[Winbond GPIO Driver1 / WBHWDOCT][Stopped/Manual Start]
  <System32\drivers\WBHWDOCT.sys><Winbond Electronics Corp.>
[WINFLASH / WINFLASH][Stopped/Manual Start]
  <\??\D:\Program Files\ABIT\FlashMenu\WinFlash.sys><N/A>
[XBox Controllers USB HID Mini Driver / XPAD][Stopped/Manual Start]
  <System32\Drivers\xpad.sys><Beijing WiseGrup.,Ltd (gamepad.yeah.net)>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[bho2gr Class]
  {31FF080D-12A3-439A-A2EF-4BA95A3148E8} <D:\Program Files\GetRight\xx2gr.dll, Headlight Software, Inc.>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <D:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[PCTools Site Guard]
  {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll, PC Tools>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[PCTools Browser Monitor]
  {B56A7D7D-6927-48C8-A975-17DF180C71AC} <D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[WebManager Class]
  {D5792AA9-D373-4039-8670-2CDAB6A71F15} <C:\Program Files\BitRoll\TorrentManager.dll, WakeNet>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll, Microsoft Corporation>
[PCTools Browser Monitor]
  {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <D:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <D:\Program Files\AIM\aim.exe, America Online, Inc.>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger Backup]
  {ECC5777A-6E88-BFCE-13CE-81F134789E7B} <C:\Program Files\Messenger Backup\Messenger Backup, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <D:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[MSSecurityAdvisor Class]
  {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} <D:\WINDOWS\System32\mssecadv.dll, Microsoft Corporation>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <D:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <D:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[GSDACtl Class]
  {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} <D:\WINDOWS\Downloaded Program Files\gsda.dll, N/A>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Pearson Installation Assistant 2]
  {95D88B35-A521-472B-A182-BB1A98356421} <D:\WINDOWS\DOWNLO~1\PEARSO~1.OCX, >
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[IWinAmpActiveX Class]
  {B49C4597-8721-4789-9250-315DFBD9F525} <D:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AmpX.dll, >
[System Requirements Lab Class]
  {BE833F39-1E0C-468C-BA70-25AAEE55775E} <D:\WINDOWS\Downloaded Program Files\sysreqlab.dll, Husdawg, LLC>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Pearson MathXL Player]
  {E6D23284-0E9B-417D-A782-03E4487FC947} <D:\WINDOWS\DOWNLO~1\MATHPL~1.OCX, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <D:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <D:\WINDOWS\system32\Macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <D:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[bho2gr Class]
  {31FF080D-12A3-439A-A2EF-4BA95A3148E8} <D:\Program Files\GetRight\xx2gr.dll, Headlight Software, Inc.>
[AudioWizard Class]
  {41695A8E-6414-11D4-8FB3-00D0B7730277} <D:\Program Files\Yahoo!\Messenger\asw.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[Reporte Class]
  {4A2A4430-3967-4461-94C7-BD95C419F3CF} <D:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <D:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <D:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[PCTools Site Guard]
  {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll, PC Tools>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[DivXBrowserPlugin Object]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <D:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
  {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <D:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <D:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[ControlConexion Class]
  {6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <D:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
  {88D969C1-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
  {88D969C3-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
  {88D969E6-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XSL Template 5.0]
  {88D969E8-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Pearson Installation Assistant 2]
  {95D88B35-A521-472B-A182-BB1A98356421} <D:\WINDOWS\DOWNLO~1\PEARSO~1.OCX, >
[Panda ActiveScan]
  {96567F65-E04C-4611-AF29-7CDEA6FA6A84} <D:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[PCTools Browser Monitor]
  {B56A7D7D-6927-48C8-A975-17DF180C71AC} <D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[GetInfo Class]
  {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <D:\PROGRA~1\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[WebManager Class]
  {D5792AA9-D373-4039-8670-2CDAB6A71F15} <C:\Program Files\BitRoll\TorrentManager.dll, WakeNet>
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[Messenger Class]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[Pearson MathXL Player]
  {E6D23284-0E9B-417D-A782-03E4487FC947} <D:\WINDOWS\DOWNLO~1\MATHPL~1.OCX, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[&Yahoo! Search]
  <file:///D:\Program Files\Yahoo!\Common/ycsrch.htm, N/A>
[Download with GetRight]
  <D:\Program Files\GetRight\GRdownload.htm, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000, N/A>
[Open with GetRight Browser]
  <D:\Program Files\GetRight\GRbrowse.htm, N/A>
[Yahoo! &Dictionary]
  <file:///D:\Program Files\Yahoo!\Common/ycdict.htm, N/A>
[Yahoo! &Maps]
  <file:///D:\Program Files\Yahoo!\Common/ycmap.htm, N/A>
[Yahoo! &SMS]
  <file:///D:\Program Files\Yahoo!\Common/ycsms.htm, N/A>

==================================
Running Processes
[PID: 692][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4142]
[PID: 828][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][D:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4142]
    [D:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2504]
[PID: 1028][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1228][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1540][D:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4142]
    [D:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2504]
    [D:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4142]
[PID: 1692][D:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 1856][D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgamint.dll]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
[PID: 1892][D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Grisoft\AVG Free\avgupd.dll]  [GRISOFT, s.r.o., 7.5.0.432]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgupsvc.dll]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
[PID: 1996][D:\Program Files\Spyware Doctor\sdhelp.exe]  [PC Tools, 3.2.0.10]
[PID: 328][D:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1432][D:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1536][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [D:\Program Files\Grisoft\AVG Free\avgse.dll]  [GRISOFT, s.r.o., 7.5.0.409]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing LP, 4.1 (32-bit)]
    [c:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [D:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  [Yahoo! Inc., 2005, 1, 1, 4]
    [D:\WINDOWS\System32\CmdLineExt.dll]  [Sony DADC Austria AG., 1,0,201,0]
    [D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [D:\Program Files\GetRight\xx2gr.dll]  [Headlight Software, Inc., 6.0b]
    [D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll]  [Sun Microsystems, Inc., 5.0.60.5]
[PID: 1940][D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe]  [GRISOFT, s.r.o., 7.5.0.418]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll]  [GRISOFT, s.r.o., 7.5.0.430]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll]  [GRISOFT, s.r.o., 7.5.0.428]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll]  [GRISOFT, s.r.o., 7.5.0.432]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll]  [N/A, N/A]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgf.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\AVGRES.DLL]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\avgcckrn.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
    [D:\Program Files\Grisoft\AVG Free\avgvault.dll]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\Program Files\Grisoft\AVG Free\avgrep.dll]  [GRISOFT, s.r.o., 7.5.0.407]
    [D:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avgxch32.dll]  [GRISOFT, s.r.o., 7.5.0.432]
[PID: 1992][C:\PROGRA~1\UnHackMe\hackmon.exe]  [Greatis Software, 2.5.0.215]
[PID: 2008][D:\Program Files\AIM\aim.exe]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\AIM_xmlp.dll]  [N/A, N/A]
    [D:\Program Files\AIM\Xprt.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\oscore.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\Xpcs.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\Xptl.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\idlemon.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscres.dll]  [N/A, N/A]
    [D:\Program Files\AIM\DUNZIP32.dll]  [Inner Media, Inc., 5.00.00]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\AIM\ATE32.dll]  [America Online, Inc., 2.5.18.0]
    [D:\Program Files\AIM\AIMToday.dll]  [N/A, N/A]
    [D:\Program Files\AIM\xprt5.dll]  [America Online, Inc., 5.0.0.4426]
    [D:\WINDOWS\System32\devenum.dll]  [N/A, N/A]
    [D:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\PROGRA~1\AIM\sb.dll]  [America Online, Inc., 9.00.001]
    [D:\PROGRA~1\AIM\xmlparse.dll]  [N/A, N/A]
    [D:\PROGRA~1\AIM\xmltok.dll]  [N/A, N/A]
    [D:\Program Files\AIM\CoolSocket.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\aimres.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\CoolBucky.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\AimCoreSvcs.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\CoolBos.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\AimSecondarySvcs.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscarui.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\WNDUTILS.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\AIMAX.dll]  [N/A, N/A]
    [D:\Program Files\AIM\proto.ocm]  [America Online, Inc., 0.0.0.0]
    [D:\Program Files\AIM\CoolHttp.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\startup.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\aimapi.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\buddyui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\icbmui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\rtvideo.dll]  [America Online, Inc., 1.0.2.1]
    [D:\Program Files\AIM\locateui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\browse.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\chatui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\ticker.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\alertui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscmain.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\miscui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\osclogin.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\deadaim.ocm]  [JDennis.net Ltd, 4, 5, 0, 0]
    [D:\Program Files\AIM\DAThnk.dap]  [JDennis.net Ltd, 1, 0, 0, 0]
    [D:\Program Files\AIM\stats.ocm]  [N/A, N/A]
    [D:\Program Files\AIM\popup.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscsrch.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\rvapps.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscmail.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\NTP.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\ateima32.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\CoolSecNss.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\nss3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\softokn3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\plc4.dll]  [Netscape Communications Corporation, 4.4.1]
    [D:\Program Files\AIM\nspr4.dll]  [Netscape Communications Corporation, 4.4.1]
    [D:\Program Files\AIM\plds4.dll]  [Netscape Communications Corporation, 4.4.1]
    [D:\Program Files\AIM\ssl3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\smime3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\nssckbi.dll]  [N/A, N/A]
    [D:\WINDOWS\System32\quartz.dll]  [N/A, N/A]
    [D:\Program Files\AIM\inetsocket.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll]  [Yahoo! Inc., 2006, 10, 26, 1]
[PID: 2016][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2292][D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe]  [GRISOFT, s.r.o., 7.5.0.417]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGABOUT.DLL]  [GRISOFT, s.r.o., 7.5.0.428]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGTMGR.DLL]  [GRISOFT, s.r.o., 7.5.0.430]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGSET.DLL]  [N/A, N/A]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGTEST.DLL]  [GRISOFT, s.r.o., 7.5.0.432]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgf.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\AVGRES.DLL]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avghlog.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\avgcore.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
[PID: 2508][D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 5008]
    [D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll]  [Google Inc., 1, 2, 908, 5008]
    [D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll]  [Google Inc., 1, 2, 908, 5008]
[PID: 1924][D:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [D:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.1]
    [D:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.1]
    [D:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.1]
    [D:\Program Files\Mozilla Firefox\smime3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\nss3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\softokn3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\ssl3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n1f0ei1a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, N/A]
    [D:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\nssckbi.dll]  [Netscape Communications Corporation, 1.53]
    [D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n1f0ei1a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll]  [N/A, N/A]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
[PID: 3072][D:\Documents and Settings\Owner\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
N/A

==================================
Logfile of HijackThis v1.99.1
Scan saved at 12:05:00 AM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.174.58:7212
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitRoll\TorrentManager.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\PROGRA~1\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163549841687
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Program Files\Spyware Doctor\sdhelp.exe
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #5 ·
HAXFIX logfile - by Marckie

version 4.37
Sun 01/28/2007 23:18:56.04

--- Auto Haxdoorfix ---


searching for files:

no infections found


--- Goldunfix ---


searching for files:


checking iexplore.exe
iexplore.exe is not infected

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
no notifykeys found

searching for services:
no services found


Finished

NoLop! Log by Skate_Punk_21

Fix running from: D:\Documents and Settings\Owner\Desktop
[1/28/2007]
[11:29:07 PM]

---Infection Files Found/Removed---
D:\WINDOWS\tasks\AD9681E291393E2E.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

D:\Documents and Settings\Administrator\Application Data\Microsoft
D:\Documents and Settings\All Users\Application Data\Apple Computer
D:\Documents and Settings\All Users\Application Data\Avg7
D:\Documents and Settings\All Users\Application Data\Bvrp Software
D:\Documents and Settings\All Users\Application Data\Google
D:\Documents and Settings\All Users\Application Data\Grisoft
D:\Documents and Settings\All Users\Application Data\Installshield
D:\Documents and Settings\All Users\Application Data\Microsoft
D:\Documents and Settings\All Users\Application Data\Microsoft Help
D:\Documents and Settings\All Users\Application Data\Msn6
D:\Documents and Settings\All Users\Application Data\Napster
D:\Documents and Settings\All Users\Application Data\Pokemovetitleooze
D:\Documents and Settings\All Users\Application Data\Quicktime
D:\Documents and Settings\All Users\Application Data\Viewpoint -- EMPTY Directory
D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
D:\Documents and Settings\All Users\Application Data\Yahoo!
D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
D:\Documents and Settings\Default User\Application Data\Microsoft
D:\Documents and Settings\Gaming\Application Data\Aim
D:\Documents and Settings\Gaming\Application Data\Ati
D:\Documents and Settings\Gaming\Application Data\Google
D:\Documents and Settings\Gaming\Application Data\Identities
D:\Documents and Settings\Gaming\Application Data\Macromedia
D:\Documents and Settings\Gaming\Application Data\Microsoft
D:\Documents and Settings\Gaming\Application Data\Mozilla
D:\Documents and Settings\Gaming\Application Data\Yahoo!
D:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
D:\Documents and Settings\Localservice\Application Data\Macromedia
D:\Documents and Settings\Localservice\Application Data\Microsoft
D:\Documents and Settings\Networkservice\Application Data\Microsoft
D:\Documents and Settings\Owner\Application Data\Acccore
D:\Documents and Settings\Owner\Application Data\Adobe
D:\Documents and Settings\Owner\Application Data\Aim
D:\Documents and Settings\Owner\Application Data\Apple Computer
D:\Documents and Settings\Owner\Application Data\Ati
D:\Documents and Settings\Owner\Application Data\Avg7
D:\Documents and Settings\Owner\Application Data\Bitroll
D:\Documents and Settings\Owner\Application Data\Bittorrent
D:\Documents and Settings\Owner\Application Data\Divx
D:\Documents and Settings\Owner\Application Data\Flashfxp
D:\Documents and Settings\Owner\Application Data\Google
D:\Documents and Settings\Owner\Application Data\Help -- EMPTY Directory
D:\Documents and Settings\Owner\Application Data\Identities
D:\Documents and Settings\Owner\Application Data\Intertrust
D:\Documents and Settings\Owner\Application Data\Macromedia
D:\Documents and Settings\Owner\Application Data\Messballcomp
D:\Documents and Settings\Owner\Application Data\Microsoft
D:\Documents and Settings\Owner\Application Data\Mozilla
D:\Documents and Settings\Owner\Application Data\Msn6 -- EMPTY Directory
D:\Documents and Settings\Owner\Application Data\Pc Tools
D:\Documents and Settings\Owner\Application Data\Roxio
D:\Documents and Settings\Owner\Application Data\Securom
D:\Documents and Settings\Owner\Application Data\Sun
D:\Documents and Settings\Owner\Application Data\Utorrent
D:\Documents and Settings\Owner\Application Data\Viewpoint
D:\Documents and Settings\Owner\Application Data\Xfire
D:\Documents and Settings\Owner\Application Data\Yahoo!


Incident                                         Status           Location
Adware:Adware/Lop                                Not disinfected  D:\Documents and Settings\All Users\Application Data\pokemovetitleooze\itch roam.exe
Spyware:Cookie/Entrepreneur                      Not disinfected  D:\Documents and Settings\Gaming\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder                 Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp                             Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner                      Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver                        Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia                         Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner                      Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner                      Not disinfected  D:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor  Not disinfected  D:\Program Files\HaxFix\Process.exe
Potentially unwanted tool:Application/Processor  Not disinfected  D:\WINDOWS\system32\process.exe

"Owner" - 07-01-29 2:13:02 Service Pack 2
ComboFix 07-01-25 - Running from: "D:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\drivers\npf.sys


((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


2007-01-29 00:26 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2007-01-29 00:26 <DIR> d-------- D:\WINDOWS\LastGood
2007-01-28 23:29 <DIR> d-------- D:\NoLopBackups
2007-01-28 23:18 90,112 --a------ D:\WINDOWS\system32\RegDACL.exe
2007-01-28 23:18 8,234 --a------ D:\clean.bat
2007-01-28 23:18 53,248 --a------ D:\WINDOWS\system32\process.exe
2007-01-28 23:18 40,960 --a------ D:\WINDOWS\system32\swsc.exe
2007-01-28 23:18 4,096 --a------ D:\WINDOWS\system32\reboot.exe
2007-01-28 23:18 38,400 --a------ D:\WINDOWS\system32\moveex.exe
2007-01-28 23:09 816,672 --a------ D:\WINDOWS\system32\drivers\avg7core.sys
2007-01-28 23:09 4,224 --a------ D:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-28 23:09 3,968 --a------ D:\WINDOWS\system32\drivers\avgclean.sys
2007-01-28 23:09 28,416 --a------ D:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-28 23:09 18,240 --a------ D:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\Owner\Application Data\AVG7
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-28 23:09 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-27 21:39 129,784 --------- D:\WINDOWS\system32\pxafs.dll
2007-01-25 17:19 524,288 --a------ D:\WINDOWS\system32\DivXsm.exe
2007-01-25 17:19 3,596,288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2007-01-25 17:18 200,704 --a------ D:\WINDOWS\system32\ssldivx.dll
2007-01-25 17:18 1,044,480 --a------ D:\WINDOWS\system32\libdivx.dll
2007-01-25 17:13 823,296 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2007-01-25 17:13 823,296 --a------ D:\WINDOWS\system32\divx_xx07.dll
2007-01-25 17:13 802,816 --a------ D:\WINDOWS\system32\divx_xx11.dll
2007-01-25 17:13 738,906 --a------ D:\WINDOWS\system32\DivX.dll
2007-01-25 17:13 73,728 --a------ D:\WINDOWS\system32\dpl100.dll
2007-01-25 17:13 593,920 --a------ D:\WINDOWS\system32\dpuGUI11.dll
2007-01-25 17:13 57,344 --a------ D:\WINDOWS\system32\dpv11.dll
2007-01-25 17:13 53,248 --a------ D:\WINDOWS\system32\dpuGUI10.dll
2007-01-25 17:13 344,064 --a------ D:\WINDOWS\system32\dpus11.dll
2007-01-25 17:13 294,912 --a------ D:\WINDOWS\system32\dpu11.dll
2007-01-25 17:13 294,912 --a------ D:\WINDOWS\system32\dpu10.dll
2007-01-25 17:13 196,608 --a------ D:\WINDOWS\system32\dtu100.dll
2007-01-16 23:23 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-12 19:56 <DIR> d-------- D:\WINDOWS\ie7updates
2007-01-12 18:38 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Application Data\pokemovetitleooze
2007-01-12 18:37 <DIR> d-------- D:\Program Files\messballcomp
2007-01-12 18:36 <DIR> d-------- D:\DOCUME~1\Owner\Application Data\BitRoll
2007-01-11 01:22 <DIR> d-------- D:\WINDOWS\WBEM
2007-01-11 01:22 <DIR> d-------- D:\WINDOWS\system32\en-US
2007-01-11 01:20 <DIR> d--h-c--- D:\WINDOWS\ie7
2007-01-11 01:19 121,856 --------- D:\WINDOWS\system32\xmllite.dll
2007-01-11 01:19 <DIR> d-------- D:\WINDOWS\network diagnostic
2007-01-10 18:37 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-10 18:37 <DIR> d-------- D:\Program Files\Grisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-29 01:52 -------- d-------- D:\Program Files\spyware doctor
2007-01-29 01:51 -------- d-------- D:\Program Files\mozilla firefox
2007-01-29 01:50 -------- d-------- D:\Program Files\google
2007-01-29 01:50 -------- d-------- D:\Program Files\getright
2007-01-29 01:48 -------- d-------- D:\Program Files\aim
2007-01-28 23:08 -------- d---s---- D:\DOCUME~1\Owner\Application Data\microsoft
2007-01-28 03:28 -------- d-------- D:\Program Files\trillian
2007-01-27 21:58 -------- d-------- D:\Program Files\tigergame controller
2007-01-27 21:39 -------- d-------- D:\Program Files\divx
2007-01-26 03:02 -------- d-------- D:\DOCUME~1\Owner\Application Data\bittorrent
2007-01-25 17:19 36624 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-25 17:19 118520 --------- D:\WINDOWS\system32\pxinsi64.exe
2007-01-25 17:19 116472 --------- D:\WINDOWS\system32\pxcpyi64.exe
2007-01-10 18:38 -------- d-------- D:\Program Files\ewido anti-spyware 4.0
2007-01-10 00:49 -------- d-------- D:\DOCUME~1\Owner\Application Data\macromedia
2006-12-27 19:39 -------- d-------- D:\Program Files\winpcap
2006-12-12 08:24 12288 --a------ D:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 08:24 118784 --a------ D:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-06 21:29 2374472 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-11-30 14:43 -------- d--h----- D:\Program Files\installshield installation information
2006-11-07 21:06 679424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- D:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- D:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- D:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ D:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ D:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- D:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ D:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ D:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ D:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ D:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ D:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ D:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ D:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ D:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ D:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ D:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ D:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ D:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"UnHackMe Monitor"="C:\\PROGRA~1\\UnHackMe\\hackmon.exe"
"AIM"="D:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DeadAIM"="rundll32.exe \"D:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GetRight - Tray Icon.lnk"
"backup"="D:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\GetRight\\getright.exe "
"item"="GetRight - Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="D:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Owner^Start Menu^Programs^Startup^[email protected] 5.03.lnk]
"path"="D:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\[email protected] 5.03.lnk"
"backup"="D:\\WINDOWS\\pss\\[email protected] 5.03.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\FOLDIN~1\\winFAH.exe "
"item"="[email protected] 5.03"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Owner^Start Menu^Programs^Startup^Ubisoft register.lnk]
"path"="D:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Ubisoft register.lnk"
"backup"="D:\\WINDOWS\\pss\\Ubisoft register.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\Ubisoft\\Register\\schedule.exe /9/17/2006 1:44:13 AM /game=Call of Juarez MP Demo /language=english /country=United States /url=http://register-it.ubi.com/register.asp"
"item"="Ubisoft register"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="D:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FRAPS"
"hkey"="HKCU"
"command"="C:\\FRAPS\\FRAPS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greybyte]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rect about"
"hkey"="HKCU"
"command"="D:\\DOCUME~1\\Owner\\APPLIC~1\\MESSBA~1\\Rect about.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idefisk.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="idefisk"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Asteriskguru\\Idefisk\\idefisk.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger Backup Chat Logger]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChatLogger"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Backup\\ChatLogger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="napster"
"hkey"="HKLM"
"command"="C:\\Program Files\\Napster\\napster.exe /systray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="D:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="D:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\title ooze up wma]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="itch roam"
"hkey"="HKLM"
"command"="D:\\Documents and Settings\\All Users\\Application Data\\pokemovetitleooze\\itch roam.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="D:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryRepairPro"
"hkey"="HKCU"
"command"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"D:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://geocities.com/pleasanton_ca/P1010152a.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


Completion time: 07-01-29 2:14:55

Code:
2007-01-29,16:50:52

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <UnHackMe Monitor><C:\PROGRA~1\UnHackMe\hackmon.exe>  [Greatis Software]
    <AIM><D:\Program Files\AIM\aim.exe -cnetwait.odl>  [(Verified)America Online, Inc.]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Yahoo! Pager><"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <DeadAIM><rundll32.exe "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs>  [N/A]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [N/A]
    <AVG7_CC><D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP>  [GRISOFT, s.r.o.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATICCC><; "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe">  [N/A]
    <BearShare><; "C:\Program Files\BearShare\BearShare.exe" /pause>  [Free Peers, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BitTorrent><; "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized>  [N/A]
    <ctfmon.exe><; D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools><; "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Fraps><; C:\FRAPS\FRAPS.EXE>  [Beepa P/L]
    <Free Download Manager><; C:\Program Files\Free Download Manager\fdm.exe -autorun>  [N/A]
    <googletalk><; "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart>  [N/A]
    <Greybyte><; D:\DOCUME~1\Owner\APPLIC~1\MESSBA~1\Rect about.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <GrooveMonitor><; "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <idefisk.exe><; "D:\Program Files\Asteriskguru\Idefisk\idefisk.exe">  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [N/A]
    <kav><; "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <Messenger Backup Chat Logger><; "C:\Program Files\Messenger Backup\ChatLogger.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "D:\Program Files\Messenger\MSMSGS.EXE" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NapsterShell><; C:\Program Files\Napster\napster.exe /systray>  [Napster]
    <NeroFilterCheck><; D:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <QuickTime Task><; "D:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Spyware Doctor><; "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q>  [PCTools]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SunJavaUpdateSched><; D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>  [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <title ooze up wma><; D:\Documents and Settings\All Users\Application Data\pokemovetitleooze\itch roam.exe>  [N/A]
    <WatchDog><; D:\Program Files\mobile PhoneTools\WatchDog.exe>  [N/A]
    <WinampAgent><; C:\Program Files\Winamp\winampa.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Windows Registry Repair Pro><; C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4>  [N/A]
    <Yahoo! Pager><; "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]

==================================
Startup Folders
N/A

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <D:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <D:\WINDOWS\system32\ati2sgag.exe><>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
  <D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
  <D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Disabled]
  <"D:\Program Files\WinPcap\rpcapd.exe" -d -f "D:\Program Files\WinPcap\rpcapd.ini"><N/A>
[PC Tools Spyware Doctor / SDhelper][Running/Auto Start]
  <D:\Program Files\Spyware Doctor\sdhelp.exe><PC Tools>

==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Advanced SCSI Programming Interface Driver / ASPI][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys><Adaptec>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG7 Kernel / Avg7Core][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
  <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[DS1410D / DS1410D][Running/Auto Start]
  <\??\D:\WINDOWS\System32\drivers\ds1410d.sys><N/A>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[PlayLinc Adapter / hamachi_oem][Stopped/Manual Start]
  <System32\DRIVERS\gan_adapter.sys><Applied Networking Inc.>
[Hardlock / Hardlock][Running/Auto Start]
  <\??\D:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Haspnt / Haspnt][Running/Auto Start]
  <\??\D:\WINDOWS\System32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[File Security Kernel Anti-Spyware Driver / ikhfile][Running/System Start]
  <\??\D:\WINDOWS\System32\drivers\ikhfile.sys><PCTools Research Pty Ltd.>
[Kernel Anti-Spyware Driver / ikhlayer][Running/System Start]
  <\??\D:\WINDOWS\System32\drivers\ikhlayer.sys><PCTools Research Pty Ltd.>
[Memctl / Memctl][Stopped/Manual Start]
  <\??\D:\Program Files\ABIT\FlashMenu\Memctl.sys><N/A>
[NPPTNT2 / NPPTNT2][Running/System Start]
  <\??\D:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[OPENGL technology access / openglwxd][Stopped/System Start]
  <\??\D:\WINDOWS\System32\openglwxd.sys><N/A>
[PSSdk23 / PSSdk23][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\Drivers\PsSdk23.drv><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Rainbow USB SuperPro / Sntnlusb][Stopped/Manual Start]
  <System32\DRIVERS\SNTNLUSB.SYS><Rainbow Technologies Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\drivers\klif.sys><N/A>
[Winbond GPIO Driver1 / WBHWDOCT][Stopped/Manual Start]
  <System32\drivers\WBHWDOCT.sys><Winbond Electronics Corp.>
[WINFLASH / WINFLASH][Stopped/Manual Start]
  <\??\D:\Program Files\ABIT\FlashMenu\WinFlash.sys><N/A>
[XBox Controllers USB HID Mini Driver / XPAD][Stopped/Manual Start]
  <System32\Drivers\xpad.sys><Beijing WiseGrup.,Ltd (gamepad.yeah.net)>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[bho2gr Class]
  {31FF080D-12A3-439A-A2EF-4BA95A3148E8} <D:\Program Files\GetRight\xx2gr.dll, Headlight Software, Inc.>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <D:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[PCTools Site Guard]
  {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll, PC Tools>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[PCTools Browser Monitor]
  {B56A7D7D-6927-48C8-A975-17DF180C71AC} <D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[WebManager Class]
  {D5792AA9-D373-4039-8670-2CDAB6A71F15} <C:\Program Files\BitRoll\TorrentManager.dll, WakeNet>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll, Microsoft Corporation>
[PCTools Browser Monitor]
  {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <D:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <D:\Program Files\AIM\aim.exe, America Online, Inc.>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger Backup]
  {ECC5777A-6E88-BFCE-13CE-81F134789E7B} <C:\Program Files\Messenger Backup\Messenger Backup, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <D:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[MSSecurityAdvisor Class]
  {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} <D:\WINDOWS\System32\mssecadv.dll, Microsoft Corporation>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <D:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <D:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[GSDACtl Class]
  {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} <D:\WINDOWS\Downloaded Program Files\gsda.dll, N/A>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Pearson Installation Assistant 2]
  {95D88B35-A521-472B-A182-BB1A98356421} <D:\WINDOWS\DOWNLO~1\PEARSO~1.OCX, >
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[IWinAmpActiveX Class]
  {B49C4597-8721-4789-9250-315DFBD9F525} <D:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AmpX.dll, >
[System Requirements Lab Class]
  {BE833F39-1E0C-468C-BA70-25AAEE55775E} <D:\WINDOWS\Downloaded Program Files\sysreqlab.dll, Husdawg, LLC>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Pearson MathXL Player]
  {E6D23284-0E9B-417D-A782-03E4487FC947} <D:\WINDOWS\DOWNLO~1\MATHPL~1.OCX, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <D:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <D:\WINDOWS\system32\Macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <D:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[bho2gr Class]
  {31FF080D-12A3-439A-A2EF-4BA95A3148E8} <D:\Program Files\GetRight\xx2gr.dll, Headlight Software, Inc.>
[AudioWizard Class]
  {41695A8E-6414-11D4-8FB3-00D0B7730277} <D:\Program Files\Yahoo!\Messenger\asw.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[Reporte Class]
  {4A2A4430-3967-4461-94C7-BD95C419F3CF} <D:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <D:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <D:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[PCTools Site Guard]
  {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll, PC Tools>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[DivXBrowserPlugin Object]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <D:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
  {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <D:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <D:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[ControlConexion Class]
  {6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <D:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
  {88D969C1-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
  {88D969C3-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <D:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
  {88D969E6-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XSL Template 5.0]
  {88D969E8-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Pearson Installation Assistant 2]
  {95D88B35-A521-472B-A182-BB1A98356421} <D:\WINDOWS\DOWNLO~1\PEARSO~1.OCX, >
[Panda ActiveScan]
  {96567F65-E04C-4611-AF29-7CDEA6FA6A84} <D:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[PCTools Browser Monitor]
  {B56A7D7D-6927-48C8-A975-17DF180C71AC} <D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[GetInfo Class]
  {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <D:\PROGRA~1\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[WebManager Class]
  {D5792AA9-D373-4039-8670-2CDAB6A71F15} <C:\Program Files\BitRoll\TorrentManager.dll, WakeNet>
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <D:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <C:\PROGRA~1\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[Messenger Class]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[Pearson MathXL Player]
  {E6D23284-0E9B-417D-A782-03E4487FC947} <D:\WINDOWS\DOWNLO~1\MATHPL~1.OCX, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[&Yahoo! Search]
  <file:///D:\Program Files\Yahoo!\Common/ycsrch.htm, N/A>
[Download with GetRight]
  <D:\Program Files\GetRight\GRdownload.htm, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000, N/A>
[Open with GetRight Browser]
  <D:\Program Files\GetRight\GRbrowse.htm, N/A>
[Yahoo! &Dictionary]
  <file:///D:\Program Files\Yahoo!\Common/ycdict.htm, N/A>
[Yahoo! &Maps]
  <file:///D:\Program Files\Yahoo!\Common/ycmap.htm, N/A>
[Yahoo! &SMS]
  <file:///D:\Program Files\Yahoo!\Common/ycsms.htm, N/A>

==================================
Running Processes
[PID: 692][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4142]
[PID: 828][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][D:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4142]
    [D:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2504]
[PID: 1028][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1228][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1540][D:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4142]
    [D:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2504]
    [D:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4142]
[PID: 1692][D:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 1856][D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgamint.dll]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
[PID: 1892][D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Grisoft\AVG Free\avgupd.dll]  [GRISOFT, s.r.o., 7.5.0.432]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgupsvc.dll]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
[PID: 1996][D:\Program Files\Spyware Doctor\sdhelp.exe]  [PC Tools, 3.2.0.10]
[PID: 328][D:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1432][D:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1536][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [D:\Program Files\Grisoft\AVG Free\avgse.dll]  [GRISOFT, s.r.o., 7.5.0.409]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing LP, 4.1 (32-bit)]
    [c:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [D:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  [Yahoo! Inc., 2005, 1, 1, 4]
    [D:\WINDOWS\System32\CmdLineExt.dll]  [Sony DADC Austria AG., 1,0,201,0]
    [D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [D:\Program Files\GetRight\xx2gr.dll]  [Headlight Software, Inc., 6.0b]
    [D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll]  [Sun Microsystems, Inc., 5.0.60.5]
[PID: 1940][D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe]  [GRISOFT, s.r.o., 7.5.0.418]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll]  [GRISOFT, s.r.o., 7.5.0.430]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll]  [GRISOFT, s.r.o., 7.5.0.428]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll]  [GRISOFT, s.r.o., 7.5.0.432]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll]  [N/A, N/A]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgf.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\AVGRES.DLL]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\avgcckrn.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
    [D:\Program Files\Grisoft\AVG Free\avgvault.dll]  [GRISOFT, s.r.o., 7.5.0.420]
    [D:\Program Files\Grisoft\AVG Free\avgrep.dll]  [GRISOFT, s.r.o., 7.5.0.407]
    [D:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avgxch32.dll]  [GRISOFT, s.r.o., 7.5.0.432]
[PID: 1992][C:\PROGRA~1\UnHackMe\hackmon.exe]  [Greatis Software, 2.5.0.215]
[PID: 2008][D:\Program Files\AIM\aim.exe]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\AIM_xmlp.dll]  [N/A, N/A]
    [D:\Program Files\AIM\Xprt.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\oscore.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\Xpcs.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\Xptl.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\idlemon.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscres.dll]  [N/A, N/A]
    [D:\Program Files\AIM\DUNZIP32.dll]  [Inner Media, Inc., 5.00.00]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\AIM\ATE32.dll]  [America Online, Inc., 2.5.18.0]
    [D:\Program Files\AIM\AIMToday.dll]  [N/A, N/A]
    [D:\Program Files\AIM\xprt5.dll]  [America Online, Inc., 5.0.0.4426]
    [D:\WINDOWS\System32\devenum.dll]  [N/A, N/A]
    [D:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\PROGRA~1\AIM\sb.dll]  [America Online, Inc., 9.00.001]
    [D:\PROGRA~1\AIM\xmlparse.dll]  [N/A, N/A]
    [D:\PROGRA~1\AIM\xmltok.dll]  [N/A, N/A]
    [D:\Program Files\AIM\CoolSocket.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\aimres.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\CoolBucky.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\AimCoreSvcs.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\CoolBos.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\AimSecondarySvcs.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscarui.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\WNDUTILS.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\AIMAX.dll]  [N/A, N/A]
    [D:\Program Files\AIM\proto.ocm]  [America Online, Inc., 0.0.0.0]
    [D:\Program Files\AIM\CoolHttp.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\startup.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\aimapi.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\buddyui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\icbmui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\rtvideo.dll]  [America Online, Inc., 1.0.2.1]
    [D:\Program Files\AIM\locateui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\browse.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\chatui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\ticker.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\alertui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscmain.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\miscui.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\osclogin.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\deadaim.ocm]  [JDennis.net Ltd, 4, 5, 0, 0]
    [D:\Program Files\AIM\DAThnk.dap]  [JDennis.net Ltd, 1, 0, 0, 0]
    [D:\Program Files\AIM\stats.ocm]  [N/A, N/A]
    [D:\Program Files\AIM\popup.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscsrch.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\rvapps.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\oscmail.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\NTP.ocm]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\ateima32.dll]  [America Online, Inc., 5.9.3861]
    [D:\Program Files\AIM\CoolSecNss.dll]  [America Online, Inc., 3.6.9.2289]
    [D:\Program Files\AIM\nss3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\softokn3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\plc4.dll]  [Netscape Communications Corporation, 4.4.1]
    [D:\Program Files\AIM\nspr4.dll]  [Netscape Communications Corporation, 4.4.1]
    [D:\Program Files\AIM\plds4.dll]  [Netscape Communications Corporation, 4.4.1]
    [D:\Program Files\AIM\ssl3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\smime3.dll]  [Netscape Communications Corporation, 3.9.2]
    [D:\Program Files\AIM\nssckbi.dll]  [N/A, N/A]
    [D:\WINDOWS\System32\quartz.dll]  [N/A, N/A]
    [D:\Program Files\AIM\inetsocket.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll]  [Yahoo! Inc., 2006, 10, 26, 1]
[PID: 2016][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2292][D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe]  [GRISOFT, s.r.o., 7.5.0.417]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGABOUT.DLL]  [GRISOFT, s.r.o., 7.5.0.428]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGTMGR.DLL]  [GRISOFT, s.r.o., 7.5.0.430]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGSET.DLL]  [N/A, N/A]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AVGTEST.DLL]  [GRISOFT, s.r.o., 7.5.0.432]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgf.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\AVGRES.DLL]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\PROGRA~1\Grisoft\AVGFRE~1\avghlog.dll]  [N/A, N/A]
    [D:\Program Files\Grisoft\AVG Free\avgcore.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [D:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7.5.0.407]
[PID: 2508][D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 5008]
    [D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll]  [Google Inc., 1, 2, 908, 5008]
    [D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll]  [Google Inc., 1, 2, 908, 5008]
[PID: 1924][D:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [D:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.1]
    [D:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.1]
    [D:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.1]
    [D:\Program Files\Mozilla Firefox\smime3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\nss3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\softokn3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\ssl3.dll]  [Netscape Communications Corporation, 3.10.2]
    [D:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n1f0ei1a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, N/A]
    [D:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.8.0.9: 2006120612]
    [D:\Program Files\Mozilla Firefox\nssckbi.dll]  [Netscape Communications Corporation, 1.53]
    [D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n1f0ei1a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll]  [N/A, N/A]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
[PID: 3072][D:\Documents and Settings\Owner\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
N/A

==================================
Logfile of HijackThis v1.99.1
Scan saved at 12:05:00 AM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.174.58:7212
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitRoll\TorrentManager.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\PROGRA~1\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163549841687
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Program Files\Spyware Doctor\sdhelp.exe
 

·
Registered
Joined
·
2,009 Posts
Hi Chris

I am really sorry, something happened to my subscription to this post. I will have a reply later today.

deepest apologies

alba
 

·
Registered
Joined
·
2,009 Posts
Hello chrisr84

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

=========================================

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • D:\Documents and Settings\All Users\Application Data\pokemovetitleooze

Do you know what these folders are from? If not, you may delete them:
  • D:\Program Files\messballcomp
  • D:\Documents and Settings\Owner\Application Data\Messballcomp


If the folder gives you problems when deleting, reboot to safe mode and delete it from there.
======================

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in below:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\title ooze up wma]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greybyte]


Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:


Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

=====================


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


=============================================

Run combofix once again in the following manner:

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========================
I'd also like to see the following list:

Open HijackThis
  • Click on the "Configure" button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
The Uninstall list in HJT will automatically be saved to the HijackThis folder and named uninstall_list.txt.

Please run a scan with HiJackThis in Normal mode and save the log.

===============================================

In your next post, please include fresh logs from:
  1. Online scan
  2. C:\ComboFix.txt
  3. uninstall_list.txt.
  4. HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
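
One way to review a .reg file such as delete.reg before merging it, as an added example that is not part of the original post: it parses the REGEDIT4 text, lists each operation, and flags anything other than a deletion under the msconfig startupreg key. The names parse_reg, outside_scope and STARTUPREG are this example's own.

```python
import re

# delete.reg exactly as given in the post above, embedded so this runs offline.
DELETE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\title ooze up wma]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greybyte]
"""
STARTUPREG = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """List what a .reg file does as (action, key, value_name) tuples.

    Raises ValueError on a missing header or a line that is not understood.
    """
    text = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff"))  # join hex continuations
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / version 5.00 header")
    ops, key, deleting = [], None, False
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            # A plain [key] section creates the key if it does not exist.
            ops.append(("delete_key" if deleting else "create_key", key, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None or deleting:
            raise ValueError(f"unexpected line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        ops.append(("delete_value" if m.group(2) == "-" else "set_value", key, name))
    return ops


def outside_scope(ops, allowed_root):
    """Return every operation that writes data or touches a key outside allowed_root."""
    root = allowed_root.lower()
    def in_root(key):
        return key.lower() == root or key.lower().startswith(root + "\\")
    return [op for op in ops if not op[0].startswith("delete") or not in_root(op[1])]
```

An empty list from outside_scope(parse_reg(DELETE_REG), STARTUPREG) means the file only removes keys under startupreg, which matches what the post says it does.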
 