its the same problem , i've done the ad-adware, and all them little virus debugger things
Dr Watson , unable to open folder
Started by
anto1313
, Mar 05 2005 05:53 PM
#1
Posted 05 March 2005 - 05:53 PM
its the same problem , i've done the ad-adware, and all them little virus debugger things
#2
Posted 05 March 2005 - 05:55 PM
forgot to add the htf , sorry , i really do need you help
Logfile of HijackThis v1.99.1
Scan saved at 23:53:18, on 05/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Anthony Formela\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqape.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BD9F01E8-BBEC-4791-99A6-0B3141961A1C} - C:\WINDOWS\system32\mfcfu32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win32info] c:\windows\system32\win32info.exe /noconnect
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [33939760.exe] C:\WINDOWS\System32\33939760.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
O4 - HKLM\..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /nocomm
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [pmcqt] c:\windows\system32\pmcqt.exe /nocomm
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [netci32.exe] C:\WINDOWS\system32\netci32.exe
O4 - HKLM\..\Run: [crrf32.exe] C:\WINDOWS\system32\crrf32.exe
O4 - HKLM\..\Run: [addmu.exe] C:\WINDOWS\system32\addmu.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [apidu32.exe] C:\WINDOWS\system32\apidu32.exe
O4 - HKLM\..\Run: [apirv32.exe] C:\WINDOWS\system32\apirv32.exe
O4 - HKLM\..\Run: [mfcur32.exe] C:\WINDOWS\system32\mfcur32.exe
O4 - HKLM\..\Run: [croa32.exe] C:\WINDOWS\system32\croa32.exe
O4 - HKLM\..\Run: [mfchk32.exe] C:\WINDOWS\system32\mfchk32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mskh32.exe] C:\WINDOWS\system32\mskh32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [msdo.exe] C:\WINDOWS\system32\msdo.exe
O4 - HKLM\..\Run: [addcn32.exe] C:\WINDOWS\system32\addcn32.exe
O4 - HKLM\..\Run: [sysjr.exe] C:\WINDOWS\system32\sysjr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [javawz.exe] C:\WINDOWS\system32\javawz.exe
O4 - HKLM\..\Run: [apixd.exe] C:\WINDOWS\system32\apixd.exe
O4 - HKLM\..\Run: [apihm32.exe] C:\WINDOWS\system32\apihm32.exe
O4 - HKLM\..\Run: [Chin Mags Glue Title] C:\Documents and Settings\All Users\Application Data\BALL DATA CHIN MAGS\GLUE PING.exe
O4 - HKLM\..\Run: [ntom.exe] C:\WINDOWS\system32\ntom.exe
O4 - HKLM\..\Run: [ntel32.exe] C:\WINDOWS\system32\ntel32.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\pfbgxw.dll,_mainRD
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DoesLiteSurfMulti] C:\Documents and Settings\All Users\Application Data\phone thunk does lite\meal aim.exe
O4 - HKLM\..\Run: [netji.exe] C:\WINDOWS\system32\netji.exe
O4 - HKLM\..\Run: [javahg.exe] C:\WINDOWS\system32\javahg.exe
O4 - HKLM\..\Run: [sysuu.exe] C:\WINDOWS\system32\sysuu.exe
O4 - HKLM\..\Run: [roqzyik] c:\windows\system32\roqzyik.exe -start
O4 - HKLM\..\Run: [VBEPVQWR] c:\windows\system32\vbepvqwr.exe /install
O4 - HKLM\..\Run: [sysdxvid] c:\windows\system32\sysdxvid.exe /nocomm
O4 - HKLM\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Main32] c:\windows\system32\main32.exe
O4 - HKCU\..\Run: [Main16] c:\windows\system32\main16.exe
O4 - HKCU\..\Run: [Pwr32ctrl] c:\windows\system32\pwr32ctrl.exe
O4 - HKCU\..\Run: [Sysint16] c:\windows\system32\sysint16.exe
O4 - HKCU\..\Run: [Cmx32] c:\windows\system32\cmx32.exe
O4 - HKCU\..\Run: [Diskinf] c:\windows\system32\diskinf.exe
O4 - HKCU\..\Run: [Mousecntl] c:\windows\system32\mousecntl.exe
O4 - HKCU\..\Run: [real about] C:\DOCUME~1\ANTHON~1\APPLIC~1\BINVCL~1\type mode phone.exe
O4 - HKCU\..\Run: [Kbddrv32] c:\windows\system32\kbddrv32.exe
O4 - HKCU\..\Run: [Dllreg] c:\windows\system32\dllreg.exe
O4 - HKCU\..\Run: [Infdisk] c:\windows\system32\infdisk.exe
O4 - HKCU\..\Run: [Sd32info] c:\windows\system32\sd32info.exe
O4 - HKCU\..\Run: [Mousebut] c:\windows\system32\mousebut.exe
O4 - HKCU\..\Run: [Unldr32] c:\windows\system32\unldr32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
O4 - HKCU\..\Run: [Videocntl] c:\windows\system32\videocntl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...dtc32_EN_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://www.sexprovid...S04/install.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F69F1E4E-49CF-11D7-8240-00024402D8D1} (LofRa Control) - file://C:\Documents and Settings\Anthony Formela\Desktop\LofR.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\System32\Wt32exe.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (NSS) ( 6Q'8) - Unknown owner - C:\WINDOWS\system32\winis.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:53:18, on 05/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Anthony Formela\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqape.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqape.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BD9F01E8-BBEC-4791-99A6-0B3141961A1C} - C:\WINDOWS\system32\mfcfu32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win32info] c:\windows\system32\win32info.exe /noconnect
O4 - HKLM\..\Run: [tblfunc] tblmouse.exe
O4 - HKLM\..\Run: [33939760.exe] C:\WINDOWS\System32\33939760.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /nocomm
O4 - HKLM\..\Run: [nscntrl] c:\windows\system32\nscntrl.exe /nocomm
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [sysme] C:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [pmcqt] c:\windows\system32\pmcqt.exe /nocomm
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [netci32.exe] C:\WINDOWS\system32\netci32.exe
O4 - HKLM\..\Run: [crrf32.exe] C:\WINDOWS\system32\crrf32.exe
O4 - HKLM\..\Run: [addmu.exe] C:\WINDOWS\system32\addmu.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [apidu32.exe] C:\WINDOWS\system32\apidu32.exe
O4 - HKLM\..\Run: [apirv32.exe] C:\WINDOWS\system32\apirv32.exe
O4 - HKLM\..\Run: [mfcur32.exe] C:\WINDOWS\system32\mfcur32.exe
O4 - HKLM\..\Run: [croa32.exe] C:\WINDOWS\system32\croa32.exe
O4 - HKLM\..\Run: [mfchk32.exe] C:\WINDOWS\system32\mfchk32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [mskh32.exe] C:\WINDOWS\system32\mskh32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [msdo.exe] C:\WINDOWS\system32\msdo.exe
O4 - HKLM\..\Run: [addcn32.exe] C:\WINDOWS\system32\addcn32.exe
O4 - HKLM\..\Run: [sysjr.exe] C:\WINDOWS\system32\sysjr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [javawz.exe] C:\WINDOWS\system32\javawz.exe
O4 - HKLM\..\Run: [apixd.exe] C:\WINDOWS\system32\apixd.exe
O4 - HKLM\..\Run: [apihm32.exe] C:\WINDOWS\system32\apihm32.exe
O4 - HKLM\..\Run: [Chin Mags Glue Title] C:\Documents and Settings\All Users\Application Data\BALL DATA CHIN MAGS\GLUE PING.exe
O4 - HKLM\..\Run: [ntom.exe] C:\WINDOWS\system32\ntom.exe
O4 - HKLM\..\Run: [ntel32.exe] C:\WINDOWS\system32\ntel32.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\pfbgxw.dll,_mainRD
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DoesLiteSurfMulti] C:\Documents and Settings\All Users\Application Data\phone thunk does lite\meal aim.exe
O4 - HKLM\..\Run: [netji.exe] C:\WINDOWS\system32\netji.exe
O4 - HKLM\..\Run: [javahg.exe] C:\WINDOWS\system32\javahg.exe
O4 - HKLM\..\Run: [sysuu.exe] C:\WINDOWS\system32\sysuu.exe
O4 - HKLM\..\Run: [roqzyik] c:\windows\system32\roqzyik.exe -start
O4 - HKLM\..\Run: [VBEPVQWR] c:\windows\system32\vbepvqwr.exe /install
O4 - HKLM\..\Run: [sysdxvid] c:\windows\system32\sysdxvid.exe /nocomm
O4 - HKLM\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Main32] c:\windows\system32\main32.exe
O4 - HKCU\..\Run: [Main16] c:\windows\system32\main16.exe
O4 - HKCU\..\Run: [Pwr32ctrl] c:\windows\system32\pwr32ctrl.exe
O4 - HKCU\..\Run: [Sysint16] c:\windows\system32\sysint16.exe
O4 - HKCU\..\Run: [Cmx32] c:\windows\system32\cmx32.exe
O4 - HKCU\..\Run: [Diskinf] c:\windows\system32\diskinf.exe
O4 - HKCU\..\Run: [Mousecntl] c:\windows\system32\mousecntl.exe
O4 - HKCU\..\Run: [real about] C:\DOCUME~1\ANTHON~1\APPLIC~1\BINVCL~1\type mode phone.exe
O4 - HKCU\..\Run: [Kbddrv32] c:\windows\system32\kbddrv32.exe
O4 - HKCU\..\Run: [Dllreg] c:\windows\system32\dllreg.exe
O4 - HKCU\..\Run: [Infdisk] c:\windows\system32\infdisk.exe
O4 - HKCU\..\Run: [Sd32info] c:\windows\system32\sd32info.exe
O4 - HKCU\..\Run: [Mousebut] c:\windows\system32\mousebut.exe
O4 - HKCU\..\Run: [Unldr32] c:\windows\system32\unldr32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe
O4 - HKCU\..\Run: [Videocntl] c:\windows\system32\videocntl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: Quick StartUp.lnk = C:\PENSOFT\fquick32.exe
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: LimeWire 4.2.3.lnk = C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...dtc32_EN_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://www.sexprovid...S04/install.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netve...k/uk/games4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F69F1E4E-49CF-11D7-8240-00024402D8D1} (LofRa Control) - file://C:\Documents and Settings\Anthony Formela\Desktop\LofR.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINDOWS\System32\Wt32exe.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (NSS) ( 6Q'8) - Unknown owner - C:\WINDOWS\system32\winis.exe
#3
Posted 06 March 2005 - 12:18 PM
PLEASE , I REALLY DO NEED ANY ONES HELP , i wouldnt bother you , if i havnt tryed everything else already
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users