FRESH HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 7:59:36 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Matt\Desktop\EndlessOnline\endless.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.34.205.146:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!xSpeed] C:\!xSpeednet\!xSpeednet.exe reg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
FRESH DSS
Deckard's System Scanner v20070426.43
Run by Matt on 2007-05-02 at 20:00:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Matt.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:00:22 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Matt\Desktop\EndlessOnline\endless.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\Desktop\Virus scanners\dss.exe
C:\PROGRA~1\HIJACK~1\Matt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.34.205.146:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!xSpeed] C:\!xSpeednet\!xSpeednet.exe reg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-- Files created between 2007-04-02 and 2007-05-02 -----------------------------
2007-05-02 13:21:46 0 d-------- C:\Documents and Settings\Matt\Application Data\AVG7
2007-05-02 13:21:30 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-05-02 13:21:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-05-02 13:21:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-05-02 12:52:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-05-02 12:52:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-02 12:52:13 0 d-------- C:\Documents and Settings\Matt\Application Data\SUPERAntiSpyware.com
2007-05-02 12:51:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-01 15:36:25 0 d-------- C:\Program Files\Game Speed Changer
2007-04-28 02:18:25 111227 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-22 01:03:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2007-04-21 19:08:28 0 d-------- C:\Program Files\DarkEvil Online
2007-04-17 20:00:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
-- Find3M Report ---------------------------------------------------------------
2007-05-02 16:29:48 0 d-------- C:\Documents and Settings\Matt\Application Data\Xfire
2007-05-02 16:29:13 0 d---s---- C:\Program Files\Xfire
2007-05-02 14:44:32 0 d-------- C:\Program Files\Symantec
2007-05-02 14:44:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-02 14:44:29 0 d-------- C:\Program Files\Symantec AntiVirus
2007-05-02 14:13:15 0 d-------- C:\Program Files\Java
2007-05-02 14:07:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-02 14:00:32 0 d-------- C:\Program Files\IrfanView
2007-05-02 13:57:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-02 13:44:08 0 d-------- C:\Program Files\Bonjour
2007-05-02 10:22:19 0 d-------- C:\Documents and Settings\Matt\Application Data\LimeWire
2007-05-01 21:48:05 0 d-------- C:\Program Files\SwiftSwitch
2007-04-17 20:03:05 0 d-------- C:\Program Files\Cheat Engine
2007-04-13 22:46:14 0 d-------- C:\Program Files\WarRock
2007-04-03 15:28:47 0 d-------- C:\Program Files\LimeWire
2007-03-30 08:02:51 0 d--h----- C:\Documents and Settings\Matt\Application Data\Hangame
2007-03-28 19:23:31 0 d-------- C:\Documents and Settings\Matt\Application Data\InstallShield
2007-03-19 19:50:18 0 d-------- C:\Program Files\aspeeder
2007-03-15 20:04:09 0 d-------- C:\Program Files\Google
2007-03-15 19:34:14 0 d-------- C:\Program Files\MSN Messenger
2007-03-14 12:55:25 0 d-------- C:\Documents and Settings\Matt\Application Data\Google
2007-03-11 15:15:06 0 d-------- C:\Program Files\Speed Gear 5
2007-03-07 13:41:02 0 d-------- C:\Documents and Settings\Matt\Application Data\WinRAR
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!xSpeed"="C:\\!xSpeednet\\!xSpeednet.exe reg"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="!xSpeednet"
"hkey"="HKLM"
"command"="c:\\!xSpeednet\\!xSpeednet.exe reg"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"item"="ctfmon.exe"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"hkey"="HKCU"
"key"="Run"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="MSMSGS"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"hkey"="HKCU"
"key"="Run"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpyNoMore\\SNM.exe\" /startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHeal]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyHeal"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpyHeal\\SpyHeal.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2007-05-02 at 20:00:45 ---------
EXTRA FROM DSS
Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.3 MiB / 535.47 MiB
Pagefile Memory (total/avail): 2460.57 MiB / 2054.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.09 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.56 GiB total, 28.79 GiB free.
D: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Matt\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-30AE992KU9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Matt
LOGONSERVER=\\HOME-30AE992KU9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Matt\LOCALS~1\Temp
TMP=C:\DOCUME~1\Matt\LOCALS~1\Temp
USERDOMAIN=HOME-30AE992KU9
USERNAME=Matt
USERPROFILE=C:\Documents and Settings\Matt
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Rebecca Vautour (admin)
Matt (admin)
Tom (admin)
Administrator.HOME-30AE992KU9.000 (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
!xSpeed --> c:\!xSpeed\uninstal.exe
!xSpeed.net 2.0 --> c:\!xSpeednet\uninstal.exe
A Speeder (remove only) --> "C:\Program Files\aspeeder\uninstall.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}
Adobe Asset Services CS3 --> MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}
Adobe Bridge CS3 --> MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}
Adobe Bridge Start Meeting --> MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe CMaps --> MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Default Language CS3 --> MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}
Adobe Device Central CS3 --> MsiExec.exe /I{265FCC3B-4814-4B2B-89D6-217DFB8AD886}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Help Viewer 1.1 --> MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Linguistics CS3 --> MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}
Adobe PDF Library Files --> MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
Adobe Setup --> MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}
Adobe Type Support --> MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3 --> MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
CrazySpeeder_eng --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534A9921-59CC-425D-A62F-F2461DA957CA}\Setup.exe"
DarkEvil Online --> C:\Program Files\DarkEvil Online\Uninstal.exe
Dora's Carnival Adventure (remove only) --> C:\Program Files\Doras Carnival Adventure\Uninstall.exe
Endless Online 0.27 b --> C:\Program Files\EndlessOnline\Uninstall.exe
Feeding Frenzy 2 Shipwreck Showdown (remove only) --> C:\Program Files\Feeding Frenzy 2 Shipwreck Showdown\Uninstall.exe
Game Speed Changer 6.3 --> "C:\Program Files\Game Speed Changer\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Gunbound Revolution --> "C:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
Hangame --> C:\Hangame\JAPANESE\HanUninstallJp.exe
Hey Arnold Runaway Bus 3D Game (remove only) --> "C:\Program Files\Hey Arnold Runaway Bus 3D Game\Uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nicktoons Challenge! (remove only) --> C:\Program Files\Nicktoons Challenge!\Uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Puppy Luv (remove only) --> C:\Program Files\Puppy Luv\Uninstall.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RYL2 - Incomplete Union v1.6.7.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81493ECE-6BD4-4972-B7DB-A0134C0A0D3F}\Setup.exe" -l0x9
Special Force --> C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe -runfromtemp -l0x0011 -removeonly
Speed Gear 5.00 --> "C:\Program Files\Speed Gear 5\unins000.exe"
SpongeBob SquarePants Diner Dash (remove only) --> C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe
SpongeBob SquarePants Employee of the Month --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Employee of the Month\Uninst.isu"
SpongeBob SquarePants Krabby Quest (remove only) --> C:\Program Files\SpongeBob SquarePants Krabby Quest\Uninstall.exe
SpongeBob SquarePants Obstacle Odyssey (remove only) --> C:\Program Files\SpongeBob SquarePants Obstacle Odyssey\Uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Wild Thornberrys Movie - Chopper Chase (remove only) --> "C:\Program Files\The Wild Thornberrys Movie - Chopper Chase\Uninstall.exe"
Type To Learn --> C:\PROGRA~1\SCHOLA~1\TYPETO~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\TYPETO~1\INSTALL.LOG
Type To Learn Jr --> C:\PROGRA~1\SCHOLA~1\TYPETO~2\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\TYPETO~2\INSTALL.LOG
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
-- End of Deckard's System Scanner: finished at 2007-05-02 at 13:02:33 ---------
SUPERANTISPYWARE LOG
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/02/2007 at 02:30 PM
Application Version : 3.7.1018
Core Rules Database Version : 3229
Trace Rules Database Version: 1240
Scan type : Complete Scan
Total Scan Time : 01:21:16
Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 4877
Registry threats detected : 101
File items scanned : 38338
File threats detected : 42
Trojan.Media-Codec
HKLM\Software\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}\InprocServer32
HKCR\CLSID\{202A961F-23AE-42B1-9505-FFE3C818D717}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\PCODEC\ISADDON.DLL
HKLM\Software\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\Implemented Categories
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\InprocServer32
HKCR\CLSID\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\PCODEC\IESPLUGIN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#homepage.monitor.exe [ C:\Program Files\PCODEC\isamonitor.exe ]
Adware.Tracking Cookie
Malware.SpyHeal
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\REBECCA VAUTOUR\FAVORITES\ONLINE SECURITY TEST.URL
I will post an AVG log tomorrow. I will also renew the HijackThis log and the DSS log (although they are currently up to date) and defrag my computer, maybe.
Edited by Infectedlie^.^, 02 May 2007 - 09:02 PM.