DARNIT!!!
Okay, I followed all the directions in another post on this one: I've run SmitFraud, AVG AntiSpyware and when I rebooted and opened IE, there was that damnable iesecurepage again!
Here are the reports:
rapport.txt:
SmitFraudFix v2.119
Scan done at 12:31:00.50, 09/11/2006
Run from C:\Program Files\smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
The AVG AntiSpyware log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:11:10 PM 09/11/2006
+ Scan result:
C:\Documents and Settings\All Users\Documents\ZwinkySetup2.2.50.1-3.ZJfox000.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned with backup (quarantined).
HKU\S-1-5-21-2564678973-3629084163-3047839591-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\report\ag.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\report\ag.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\report\send.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\report\send.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\cs\res1\whitelist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildArcade -> Adware.MidAddle : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_76.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-2564678973-3629084163-3047839591-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Shannon\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
C:\Documents and Settings\Logan\My Documents\Logan's Downloads\MLBPlayballSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Media Gateway\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AdmilliServX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Logan\My Documents\Setup.exe -> Adware.Zango : Cleaned with backup (quarantined).
C:\Documents and Settings\Bailey\Local Settings\Temporary Internet Files\Content.IE5\DGW5G4T0\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
:mozilla.337:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Shannon\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shannon\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Shannon\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.43:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.44:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.45:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.46:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.73:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bailey\Cookies\bailey@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bailey\Cookies\bailey@adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
<snip> about 500 other cookies cleaned, and which made the post too long for the space
:mozilla.52:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bailey\Cookies\bailey@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bailey\Cookies\bailey@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bailey\Cookies\bailey@tacoda[4].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bailey\Cookies\bailey@tacoda[5].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Bailey\Cookies\[email protected][3].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Chris Barrett\Cookies\chris [email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.807:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.11:C:\Documents and Settings\Bailey\Application Data\Mozilla\Firefox\Profiles\r5ce58hz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.14:C:\Documents and Settings\Bailey\Application Data\Mozilla\Firefox\Profiles\r5ce58hz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.273:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.274:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.821:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.822:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.823:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.824:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.825:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.826:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.76:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.117:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.118:C:\Documents and Settings\Chris Barrett\Application Data\Mozilla\Firefox\Profiles\9bbiulju.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Bailey\Application Data\Mozilla\Firefox\Profiles\r5ce58hz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Shannon\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Shannon\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Minidump\Mini033105-01.dmp -> Worm.Randon.t : Cleaned with backup (quarantined).
::Report end
And the new HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:52:02 AM, on 09/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QualityCodec\isamonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QualityCodec\isamini.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\Bailey\My Documents\MsgPlus.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Desktop\Downloaded files\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cebarrett.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\DOCUME~1\LOGAN\MYDOCU~1\LOGAN'~1\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\QualityCodec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Rosary Reminder] C:\Program Files\Virtual Rosary\reminder.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Bailey\My Documents\MsgPlus.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\Logan\My Documents\Logan's Progs\Poker\poker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\LOGAN\MYDOCU~1\LOGAN'~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\DOCUME~1\LOGAN\MYDOCU~1\LOGAN'~1\FLASHGET\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bailey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://epiphany.alientrust.com
O15 - Trusted Zone: http://infinity.alientrust.com
O15 - Trusted Zone: http://polaris.alientrust.com
O15 - Trusted Zone: http://associates.amazon.ca
O15 - Trusted Zone: http://associates.amazon.co.uk
O15 - Trusted Zone: http://associates.amazon.com
O15 - Trusted Zone: http://www.astrologyzone.com
O15 - Trusted Zone: http://www.blogger.com
O15 - Trusted Zone: http://cebarrett.blogspot.com
O15 - Trusted Zone: http://www.bravenet.com
O15 - Trusted Zone: http://www.cebarrett.com
O15 - Trusted Zone: http://account.ea.com
O15 - Trusted Zone: http://www.ebay.ca
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted Zone: http://www.fastprofitsclub.com
O15 - Trusted Zone: http://www.globalgoldtalk.com
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://www.inboxdollars.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://www.marketworks.com
O15 - Trusted Zone: http://*.pogo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.co...PluginNOSSO.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150108817234
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstrea...03/activeid.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Edited by Torin, 09 November 2006 - 12:55 PM.