Can not run HiJackThis in safe mode or normal please help, Can not open HiJackThis
grimlen
post May 25 2007, 04:34 AM
Post #1


Member
**
Posts: 33
OS: XP



I have windows xp home edition sp2

have removed drive and installed on a separate pc, ran TrendMicro housecall and AVG antivirus, removed some viruses, then reinserted into box, still having same issues. I have also installed and ran smitfraudfix, adaware, and spybot SD, all scans were done first in safe mode then in normal, then in safe.

This is a 2 fold problem,

part 1. when searching for antivirus/anti spyware help browser window closes, IE and Firefox.

part 2. I have downloaded and have tried running HJT but it starts to open then immediately closes. Not sure what else I can describe.

Thank you,
 
loophole
post May 25 2007, 07:45 AM
Post #2


Geek Mod
Posts: 9,218
From: Indiana U.S. A.
OS: 2000, xp, xp pro, Linux



Hi :)

Let's try this. If no joy, post back and we will try something else. If ComboFix runs and produces a log, go ahead and post it and hold off on the second option.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
      Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

 
grimlen
post May 25 2007, 01:39 PM
Post #3


Member
**
Posts: 33
OS: XP



After running the combo fix, still could not open HJT; moved on to 2nd step.


COMBO FIX Log

"Jim Humphrey" - 2007-05-25 8:56:39 Service Pack 2 [SAFE MODE]
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Jim
Humphrey\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log
)))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\JIMHUM~1\APPLIC~1\Microsoft\classes.dat"
"C:\Documents and Settings\All Users.\documents\settings\desktop.ini"
"C:\WINDOWS\system32\drivers\etc\hosts.tim"
"C:\WINDOWS\system32\imas3r"
"C:\WINDOWS\gc_407.cnf"
"C:\WINDOWS\gsc_407.cnf"
"C:\Documents and Settings\All Users.\documents\settings"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to
2007-05-25 ))))))))))))))))))))))))))))))))))


2007-05-24 19:41 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-05-24 18:52 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-05-24 18:52 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-05-24 18:52 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-05-24 16:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-05-24 12:46 <DIR> d-------- C:\Program Files\Common Files\Wise
Installation Wizard
2007-05-24 11:54 4,936 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-05-24 08:44 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-05-24 08:44 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-05-24 08:43 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-05-23 10:40 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.JIM\UserData


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
)))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 18:39:47 103 ----a-w C:\WINDOWS\taskmen32.pif
2007-05-25 09:21:22 -------- d-----w C:\DOCUME~1\JIMHUM~1\APPLIC~1\Skype
2007-05-25 08:26:08 -------- d-----w C:\Program Files\Common Files\Symantec
Shared
2007-05-25 00:04:28 -------- d-----w C:\Program Files\ICQToolbar
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-27 04:32:20 163,644 ----a-w C:\WINDOWS\system32\drivers\SECDRV.SYS
2007-03-21 21:27:53 -------- d-----w C:\Program Files\Rosetta Stone
2007-03-21 21:24:48 -------- d--h--w C:\Program Files\Zero G Registry
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-07 21:03:54 60,416 ----a-w C:\WINDOWS\system32\hjthis101.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program
Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2006-03-09 19:29]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\Program
Files\ICQToolbar\tbu3E\toolbaru.dll [2006-12-17 16:57]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft
Money\System\mnyside.dll [2002-07-17 07:00]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll
[2003-08-05 21:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=C:\Program Files\AOL\AOL Toolbar
2.0\aoltb.dll [2005-08-02 08:41]
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}=C:\WINDOWS\system32\fontextb.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program
files\google\googletoolbar4.dll [2007-01-19 23:55]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll [2005-09-20 18:12]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton
AntiVirus\NavShExt.dll [2002-11-15 00:09]
{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}=C:\WINDOWS\system32\admparsez.dll
[2006-12-26 20:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-04-24 12:58]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 06:27]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe"
[2003-08-26 15:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
[2003-11-17 06:23]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[2003-12-02 16:11]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
[2003-12-02 16:11]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07
12:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-21 05:41]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe"
[2004-05-07 16:54]
"PD6000StatusMonitor"="C:\WINDOWS\System32\PD6000SM.EXE" [2003-10-16 08:19]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[2004-05-12 15:18]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-08
11:24]
"HostManager"="C:\Program Files\Common
Files\AOL\1127857709\ee\AOLSoftware.exe" [2005-12-15 15:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
"swg"="C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
[2007-02-07 12:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}"="C:\WINDOWS\system32\admparsez.dll"
[2006-12-26 20:12]
"{B0099233-1FF5-4326-A3E8-24AE1DF18D57}"="C:\WINDOWS\system32\hjthis101.dll"
[2007-02-07 11:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\AutorunsDisabled]
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

*Newly Created Service* -DCFS2K

Contents of the 'Scheduled Tasks' folder
2007-05-05 19:35:32 C:\WINDOWS\tasks\Norton AntiVirus - Scan my
computer.job
2007-05-24 22:03:04 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-25 09:01:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [1388]


scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2007-05-25 9:01:59
C:\ComboFix-quarantined-files.txt ... 2007-05-25 09:01

--- E O F ---


Combo Fix Quar Log

2005-10-21 12:26      376180    --a------    
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\adeeg.ini.vir
2005-12-27 09:03      498754    --a------    
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\adeeg.bak1.vir
2006-05-30 14:25      0    --a------    
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ImaS3r.vir
2006-06-06 18:30      764    --a------    
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.tim.vir
2006-06-07 07:15      11958    --a------    
C:\Qoobox\Quarantine\C\DOCUME~1\JIMHUM~1\APPLIC~1\Microsoft\classes.dat.vir
2006-09-06 11:41      167    --a------    C:\Qoobox\Quarantine\C\Documents
and Settings\All Users\Documents\Settings\desktop.ini.vir
2007-05-23 10:29      2057    --a------    
C:\Qoobox\Quarantine\C\WINDOWS\gsc_407.cnf.vir
2007-05-23 10:29      42    --a------    
C:\Qoobox\Quarantine\C\WINDOWS\gc_407.cnf.vir


Folder PATH listing
Volume serial number is 3432-8588
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Documents and Settings
    |   |   \---All Users
    |   |       \---Documents
    |   |           \---Settings
    |   |                   desktop.ini.vir
    |   |
    |   +---DOCUME~1
    |   |   \---JIMHUM~1
    |   |       \---APPLIC~1
    |   |           \---Microsoft
    |   |                   classes.dat.vir
    |   |
    |   \---WINDOWS
    |       |   gc_407.cnf.vir
    |       |   gsc_407.cnf.vir
    |       |
    |       \---SYSTEM32
    |           |   adeeg.bak1.vir
    |           |   adeeg.ini.vir
    |           |   ImaS3r.vir
    |           |
    |           \---DRIVERS
    |               \---ETC
    |                       hosts.tim.vir
    |
    \---Registry_backups



Silent Runners Log

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sonic RecordNow!" = "(empty string)" [file not found]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup"
["Gteko Ltd."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
["Skype Technologies S.A."]
"swg" = "C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop
Engineering"]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe""
["CyberLink Corp."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot" ["RealNetworks, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe""
["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe""
["Symantec Corporation"]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America
Online, Inc"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"
["Apple Computer, Inc."]
"Pure Networks Port Magic" = ""C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe"
-Run" ["Pure Networks, Inc."]
"PD6000StatusMonitor" = "C:\WINDOWS\System32\PD6000SM.EXE" ["Eastman Kodak
Company"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
["Hewlett-Packard Company"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer"
["Symantec Corporation"]
"HostManager" = "C:\Program Files\Common
Files\AOL\1127857709\ee\AOLSoftware.exe" ["America Online, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn2\yt.dll" ["Yahoo! Inc."]
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = "XTTBPos00"
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\Program
Files\ICQToolbar\tbu3E\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems
Incorporated"]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft
Money\System\mnyside.dll" [MS]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) =
"C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher"
-> {HKLM...CLSID} = "AOL Toolbar Launcher"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL
Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) =
"C:\WINDOWS\system32\fontextb.dll" [file not found]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program
files\google\googletoolbar4.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "MSN Search Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll" [MS]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton
AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) =
"C:\WINDOWS\system32\admparsez.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) =
"C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon
Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft
Office\Office10\msohev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program
Files\Sonic\RecordNow!\shlext.dll" ["Sonic Solutions"]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne
Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program
Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{02040CD1-EF11-11D5-BC3F-0003473F5BF0}" = "HotShell Shell Extension"
-> {HKLM...CLSID} = "HotShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\j2
Messenger\hotshell.dll" ["j2 Global Communications, Inc."]
"{7CDDBD23-1B50-47b2-B28D-1B84D9A40ED1}" = "Sony Digital Voice File Shell
Extention Module"
-> {HKLM...CLSID} = "Sony Digital Voice File Shell Extention Module"
\InProcServer32\(Default) = "IcdShlex.dll" ["Sony
Corporation"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {HKLM...CLSID} = "KodakShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Common
Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program
Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program
Files\ICQLite\ICQLiteShell.dll" [empty string]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
-> {HKLM...CLSID} = "Windows Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar
Suite\EXT\02.05.0001.1119\en-us\msnlExt.dll" [MS]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "MSN Deskbar"
-> {HKLM...CLSID} = "MSN Search Deskbar"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar
Suite\DB\02.05.0000.1082\en-us\deskbar.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}" = "Master Browseui"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) =
"C:\WINDOWS\system32\admparsez.dll" [null data]
<<!>> "{B0099233-1FF5-4326-A3E8-24AE1DF18D57}" = "google service"
-> {HKLM...CLSID} = "C:\WINDOWS\system32\hjthis101.dll"
\InProcServer32\(Default) =
"C:\WINDOWS\system32\hjthis101.dll" [null data]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]| [file not
found]| [file not found]| [file not found]| [file not found]| [file not
found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HotShellExt\(Default) = "{02040CD1-EF11-11D5-BC3F-0003473F5BF0}"
-> {HKLM...CLSID} = "HotShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\j2
Messenger\hotshell.dll" ["j2 Global Communications, Inc."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program
Files\ICQLite\ICQLiteShell.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) =
"{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton
AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\Downloaded
Program Files\ymmapi.dll" [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program
Files\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) =
"{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton
AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Default executables:
--------------------

HKCU\Software\Classes\.bat\(Default) = (value not set)

HKCU\Software\Classes\.cmd\(Default) = (value not set)

HKCU\Software\Classes\.com\(Default) = (value not set)

HKCU\Software\Classes\.exe\(Default) = "exefile"

HKCU\Software\Classes\.hta\(Default) = (value not set)

<<!>> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" %*"
[file not found]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jim Humphrey\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Jim Humphrey" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"America Online 9.0 Tray Icon" -> shortcut to: "C:\Program Files\America
Online 9.0c\aoltray.exe -check" ["America Online, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone Fast Start" -> shortcut to: "C:\Program Files\HP\Digital
Imaging\bin\hpqthb08.exe -s" [null data]
"j2 Tray Menu" -> shortcut to: "C:\Program Files\j2 Messenger\HotTray.exe"
["j2 Global Communications, Inc."]
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak
EasyShare software\bin\EasyShare.exe -h" ["Eastman Kodak Company"]
"Live Menu" -> shortcut to: "C:\Program Files\j2 Messenger\Dllcmd32.exe /R
/K C:\PROGRA~1\J2MESS~1\HsPfcW32.dll,JSPFCWSetHooking,1,0,0,0" ["j2 Global
Communications, Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft
Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches:
"C:\PROGRA~1\NORTON~1\NAVW32.exe
/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca"
["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program
Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
{++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
{++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton
AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton
AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn2\yt.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\ICQToolbar\tbu3E\toolbaru.dll" ["IE Toolbar"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "MSN Search Toolbar"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll" [MS]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL
Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program
files\google\googletoolbar4.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton
AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\ICQToolbar\tbu3E\toolbaru.dll" ["IE Toolbar"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "MSN Search Toolbar"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar
Suite\TB\02.05.0001.1119\en-us\msntb.dll" [MS]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Companion\Installs\cpn2\yt.dll" ["Yahoo! Inc."]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL
Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program
files\google\googletoolbar4.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Messenger\yhexbmes0411.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Messenger\yhexbmes0411.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\CLSID\{D6A116E7-5906-42E4-87F6-E7E15936415E}\(Default)
= "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical
bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft
Money\System\mnyside.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program
Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL
Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program
Files\Yahoo!\Messenger\yhexbmes0411.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\PROGRA~1\AIM\aim.exe" ["America Online, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft
Money\System\mnyside.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" = "AOL Search"
-> {HKLM...CLSID} = "AOLTBSearch Class"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL
Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Program
Files\ICQToolbar\tbu3E\toolbaru.dll" ["IE Toolbar"]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

AOL Connectivity Service, AOL ACS,
"C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
ASP.NET State Service, aspnet_state,
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe"" ["Google"]
InstallDriver Table Manager, IDriverT, ""C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"" ["Macrovision
Corporation"]
Intel NCS NetService, NetSvc, "C:\Program Files\Intel\NCS\Sync\NetSvc.exe"
["Intel® Corporation"]
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe"
["Apple Computer, Inc."]
Kodak Camera Connection Software, KodakCCS,
"C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Logical Disk Manager Administrative Service, dmadmin,
"C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Network Provisioning Service, xmlprov, "C:\WINDOWS\System32\svchost.exe -k
netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe"
["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe"
["HP"]
Portable Media Serial Number Service, WmdmPmSN,
"C:\WINDOWS\System32\svchost.exe -k netsvcs"
{"C:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
ScriptBlocking Service, SBService,
"C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Password Validation Service, ccPwdSvc, ""C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec
Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe""
["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe"
[MS]
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe"
[MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "hptcpmon.dll" ["Hewlett Packard"]
hpzlnt10\Driver = "hpzlnt10.dll" ["HP"]
Kodak PD6000 Language Monitor\Driver = "PD6000LM.dll" ["Eastman Kodak
Company"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 26 seconds.
---------- (total run time: 60 seconds)

loophole
post May 25 2007, 02:25 PM
Post #4


Geek Mod
Posts: 9,218
From: Indiana U.S. A.
OS: 2000, xp, xp pro, Linux



Hi

Let's get going with this

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile C:\windelf.txt, along with a new HijackThis log.

*NOTE* This variant kills win32delfkil.exe. When the tool has been closed, start it again. When it has been closed again, start it again... and again... After max 5 times win32delfkil should be started and doing its job. Let me know how it goes and post the logs.

Thanks

grimlen
post May 25 2007, 05:54 PM
Post #5


Member
Posts: 33
OS: XP



BTW thanks for the help

HJT Log


Logfile of HijackThis v1.99.1
Scan saved at 1:53:14 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jim Humphrey\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aroundhawaii.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu3E\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu3E\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu3E\toolbaru.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127857709\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: j2 Tray Menu.lnk = C:\Program Files\j2 Messenger\HotTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\j2 Messenger\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.easysite.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - http://www.easysite.com/controls/ImgXTwain61.CAB
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - http://www.easysite.com/controls/ImgXDialog61.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pmicoaching.webex.com/client/v_mywe...bex/ieatgpc.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/p/us26/26.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.easysite.com/controls/XUpload.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Windelf log

WIN32DELFKIL LOGFILE - by Marckie


version 3.126
Fri 05/25/2007 13:41:59.43
running from: "C:\"


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\AutorunsDisabled]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="ascqiuwefdic"
"{B29BE267-3A64-4F7E-8A57-75FB5E900503}"="Windows Updater"
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="wvkiikptxpwg"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"
"{D1159422-16E3-462F-A93D-FB718E100407}"="za"
"{D4C5947D-16E3-462F-A93D-FB718E100406}"="z"



--- sharedtaskkey (1): A4F94C0C-54A7-4DB1-9AF3-B22E63D00311 ---
no keys found


--- sharedtaskkey (2): 2188CEDE-B239-484C-8EA6-B84DC1001001 ---
no keys found


--- sharedtaskkey (3): B29BE267-3A64-4F7E-8A57-75FB5E900503 ---
no keys found


--- sharedtaskkey (4): CEDE2188-484C-B239-A68E-DC1B84001001 ---
no keys found


--- sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 ---
no keys found


--- sharedtaskkey (6): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 ---
no keys found


--- sharedtaskkey (7): A4F94C0C-54A7-4DB1-9AF3-B22E63D00403 ---
no keys found


--- sharedtaskkey (8): A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 ---
no keys found


--- sharedtaskkey (9): D1159422-16E3-462F-A93D-FB718E100407 ---
no keys found


--- sharedtaskkey (10): D4C5947D-16E3-462F-A93D-FB718E100406 ---
no keys found

--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\AutorunsDisabled]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="ascqiuwefdic"
"{B29BE267-3A64-4F7E-8A57-75FB5E900503}"="Windows Updater"
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="wvkiikptxpwg"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"
"{D1159422-16E3-462F-A93D-FB718E100407}"="za"
"{D4C5947D-16E3-462F-A93D-FB718E100406}"="z"


--- sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00311 ---
no keys found

--- sharedtaskkey: 2188CEDE-B239-484C-8EA6-B84DC1001001 ---
no keys found

--- sharedtaskkey: B29BE267-3A64-4F7E-8A57-75FB5E900503 ---
no keys found

--- sharedtaskkey: CEDE2188-484C-B239-A68E-DC1B84001001 ---
no keys found

--- sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 ---
no keys found

--- sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 ---
no keys found

--- sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00403 ---
no keys found

--- sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 ---
no keys found

--- sharedtaskkey: D1159422-16E3-462F-A93D-FB718E100407 ---
no keys found

--- sharedtaskkey: D4C5947D-16E3-462F-A93D-FB718E100406 ---
no keys found


--- Notify key ---

Finished!

loophole
post May 25 2007, 07:39 PM
Post #6


Geek Mod
Posts: 9,218
From: Indiana U.S. A.
OS: 2000, xp, xp pro, Linux



Hi again.

QUOTE
BTW thanks for the help
You're welcome

Is that Hijack log from Normal windows? It looks like it is from safe mode?

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab

O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/p/us26/26.cab

O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please rerun ComboFix and post the resulting log.

Thanks
grimlen
post May 25 2007, 08:45 PM
Post #7


Member
Posts: 33
OS: XP



OK, so I ran everything in normal and safe mode.

I will post the normal mode logs first, then the safe mode logs.


HJT Normal


Logfile of HijackThis v1.99.1
Scan saved at 4:41:14 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0c\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\j2 Messenger\HotTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\j2 Messenger\Dllcmd32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jim Humphrey\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu3E\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu3E\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu3E\toolbaru.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
O4 - HKLM\..\Ru