"SEVERELY"? I appreciate your help, and I will thoroughly follow your instructions, even if they contradict my morals!
Here are the current results.
-----------------------------------------------------------------------------
ComboFix Log
-----------------------------------------------------------------------------
Owner - 06-08-25 22:22:01.93
ComboFix 06.08.24 - Running from: C:\
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2006-08-20 10:07 52 --a------ C:\WINDOWS\neonoc.dat
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-08-20 10:07 52 neonoc.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bk.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\icon_mediamotor.exe
C:\WINDOWS\system32\ts_mediamotor.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wtssvtr.exe
C:\Program Files\Deskbar
C:\Program Files\PSLister
C:\Program Files\TClock
C:\Program Files\Common Files\{EC3FC80B-0958-1033-1202-030512200001}
C:\WINDOWS\Duce6.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\RACLE~1
C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
((((((((((((((((((((((((((((((( Files Created from 2006-07-25 to 2006-08-25 ))))))))))))))))))))))))))))))))))
2006-08-25 22:16 106,496 --a------ C:\WINDOWS\Duce6.exe
2006-08-25 22:04 297,246 --a------ C:\combofix.exe
2006-08-25 14:51 159,744 --a------ C:\WINDOWS\ms04364341-331.exe
2006-08-21 23:09 159,744 --a------ C:\WINDOWS\sys031364341-332006.exe
2006-08-21 22:34 159,744 --a------ C:\WINDOWS\ms064341-331362006.exe
2006-08-21 17:41 25 --a------ C:\WINDOWS\win320841-33136432006.exe
2006-08-20 10:13 14,617 --a------ C:\WINDOWS\xload.exe
2006-08-20 10:12 1,167 --a------ C:\WINDOWS\system32\jyc47198.sys
2006-08-20 10:08 214,752 --a------ C:\Setup100.exe
2006-08-20 10:08 186,223 --a------ C:\WINDOWS\srvyoeckew.exe
2006-08-03 11:57 16,264 --a------ C:\WINDOWS\system32\msmc.exe
2006-08-02 19:22 109,368 --a------ C:\OiUninstaller.exe
2006-07-27 23:18 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-07-27 23:18 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-07-27 23:18 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-07-26 12:20 613 --a------ C:\WINDOWS\ciwxg.dll
2006-07-26 12:20 32,976 --a------ C:\WINDOWS\system32\uninstIcn.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-25 22:22 -------- d-a------ C:\Program Files\Common Files
2006-08-25 21:08 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-25 21:08 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-25 21:08 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-25 21:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-08-25 21:07 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-25 21:07 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-25 21:07 -------- d-------- C:\Program Files\Grisoft
2006-08-25 21:06 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-25 15:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2006-08-25 14:58 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-08-25 14:52 -------- d-------- C:\Program Files\QuickTime
2006-08-25 14:52 -------- d-------- C:\Program Files\MSN Messenger
2006-08-25 14:52 -------- d-------- C:\Program Files\AIM
2006-08-25 14:51 -------- d-------- C:\Program Files\Internet Explorer
2006-08-24 11:35 -------- d-------- C:\Documents and Settings\Owner\Application Data\{27ABEAD9-B7C4-4994-891F-48F5F48861FA}
2006-08-24 06:54 -------- d-------- C:\Program Files\MySpace
2006-08-22 20:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2006-08-22 14:06 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-22 14:06 -------- d-------- C:\Program Files\Panasonic
2006-08-22 14:06 -------- d-------- C:\Program Files\MKE
2006-08-21 13:39 -------- d-------- C:\Documents and Settings\Owner\Application Data\çasks
2006-08-20 23:50 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-20 22:30 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-20 10:20 -------- d-------- C:\Program Files\Common Files\rikk
2006-08-20 10:08 -------- d-------- C:\Program Files\MSN
2006-08-15 22:28 90240 --a------ C:\WINDOWS\system32\drivers\sptd8589.sys
2006-08-15 22:28 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-07-29 22:10 -------- d-------- C:\Program Files\ComcastToolbar
2006-07-27 09:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-07-27 00:47 543684 --a------ C:\Documents and Settings\Owner\Application Data\FNTCACHE.BIN
2006-07-27 00:05 264248 --a------ C:\Documents and Settings\Owner\Application Data\perfc012.dat
2006-07-26 22:27 5609 --a------ C:\Program Files\hijackthis.log
2006-07-06 17:01 -------- d-------- C:\Program Files\Fujifilm e-Systems
2006-07-06 17:01 -------- d-------- C:\Documents and Settings\Owner\Application Data\Digital Album Organizer
2006-07-06 17:00 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-06-17 02:31 218112 --a------ C:\HijackThis.exe
2006-06-06 12:37 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"msmc"=""
"rftwkhsA"="C:\\WINDOWS\\rftwkhsA.exe"
"jyc47198"="RUNDLL32.EXE w4389d25.dll,n 00347195000000034389d25"
"xload"="\"C:\\WINDOWS\\xload.exe\""
"WinTask.exe"="C:\\WINDOWS\\WinTask.exe"
"Uninstall_WinTools"="C:\\WINDOWS\\Temp\\WTuninst.exe /remove"
"Txuuegk"="C:\\Program Files\\Itmot\\Qkuog.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"System service79"="C:\\WINDOWS\\etb\\pokapoka79.exe"
"svrrun"="C:\\WINDOWS\\svrrun.exe"
"SStb.exe"="C:\\WINDOWS\\SStb.exe"
"ssqb.exe"="ssqb.exe"
"seekmo"="\"c:\\program files\\seekmo\\seekmo.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\en-us\\msnappau.exe\""
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"dnscleaner"="C:\\WINDOWS\\dnscleaner.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"DeskAd Service"="C:\\Program Files\\DeskAd Service\\DeskAdServ.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"4s9f3sO"="jv6nlrt7oj.exe"
"ms04364341-331"="C:\\WINDOWS\\ms04364341-331.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rikk"="C:\\PROGRA~1\\COMMON~1\\rikk\\rikkm.exe"
"Jlqfdm"="C:\\Documents and Settings\\Owner\\Application Data\\?racle\\l?[bleep].exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Yahoo! Pager"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"Registry Cleaner"="\"C:\\Program Files\\Registry Cleaner\\RegClean.exe\""
"PSLister"="\"C:\\Program Files\\PSLister\\PSLister.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LBqpRii7i"="jniyeze11378io.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\kyce.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\MSN\\hozyre.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,d8,00,00,00,cc,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:00,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,d8,00,00,00,cc,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\C:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\C:\WINDOWS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\C:\WINDOWS\hnjnszb.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hnjnszb"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\hnjnszb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"ZESOFT"=dword:00000002
"WinToolsSvc"=dword:00000002
"TBPSSvc"=dword:00000002
"iPodService"=dword:00000003
Completion time: Fri 08/25/2006 22:27:39.64
ComboFix.txt
ComboFix2.txt
-----------------------------------------------------------------------------
HiJackThis Log
-----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:34:28 PM, on 8/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Qoofix & Ewido\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\ms04364341-331.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [rftwkhsA] C:\WINDOWS\rftwkhsA.exe
O4 - HKLM\..\Run: [jyc47198] RUNDLL32.EXE w4389d25.dll,n 00347195000000034389d25
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [WinTask.exe] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [Txuuegk] C:\Program Files\Itmot\Qkuog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\Run: [svrrun] C:\WINDOWS\svrrun.exe
O4 - HKLM\..\Run: [SStb.exe] C:\WINDOWS\SStb.exe
O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [4s9f3sO] jv6nlrt7oj.exe
O4 - HKLM\..\Run: [ms04364341-331] C:\WINDOWS\ms04364341-331.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [rikk] C:\PROGRA~1\COMMON~1\rikk\rikkm.exe
O4 - HKCU\..\Run: [Jlqfdm] C:\Documents and Settings\Owner\Application Data\?racle\l?[bleep].exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LBqpRii7i] jniyeze11378io.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150352906453
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8467C057-CE3A-4957-A5D5-D50B1DDD4CDD}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Qoofix & Ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)