Home Search Virus
Started by smooph3, Apr 09 2005 11:34 AM
#1 Posted 09 April 2005 - 11:34 AM
#2 Posted 09 April 2005 - 11:52 AM
Here's the HJT file
Logfile of HijackThis v1.99.1
Scan saved at 12:43:56 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\msoffice.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\private-zone.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vpavrk.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\ifmonxp.exe
C:\WINDOWS\System32\igmwp.exe
C:\WINDOWS\System32\Regsvr32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\sysfi.exe
C:\WINDOWS\netdf.exe
C:\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eirqy.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: (no name) - {9431FE7C-F508-1551-CE7E-072CAD27957E} - C:\WINDOWS\system32\atlqz32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\System32\wmplayer.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [etbrun] c:\windows\system32\elitexie32.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vpavrk.exe
O4 - HKLM\..\Run: [v3tg3nR] igmwp.exe
O4 - HKLM\..\Run: [sysfi.exe] C:\WINDOWS\system32\sysfi.exe
O4 - HKLM\..\RunOnce: [ntwi32.exe] C:\WINDOWS\system32\ntwi32.exe
O4 - HKLM\..\RunOnce: [ipqi32.exe] C:\WINDOWS\system32\ipqi32.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [WebRun] C:\WINDOWS\System32\wmplayer.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\private-zone.exe
O4 - HKCU\..\Run: [e02mRhd2U] ifmonxp.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2[bleep]ed.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {004C7133-710E-7895-410D-6F532D63A60F} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {02FB20A4-FF8C-51E6-4BA6-4237175CAE3B} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {0D2906D8-D8AD-36FA-552C-5313198EFB37} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {0FB8317D-5A53-5750-94A1-7FF17838600B} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {10E0E29F-A295-3188-FD89-20E63E8BF3B9} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {131E1E3F-29FE-1422-FA20-75F66FC75F17} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {1366725F-AD85-0DEF-9466-4C9B7618A8B6} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {16086245-E990-1B99-4A72-258A36277BD7} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {189774E6-7AAB-06AE-0367-79240EEBE64F} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {18E3AC14-60FD-49AA-F1B0-7EC7330E7B1E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {1ED5AB72-4C99-0C54-317F-6E8E425036A1} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {237AA698-5155-5644-A527-611F2FB41BBA} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {257B08D0-80C5-4BD4-51BE-3A112E9A2AEF} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {41082D38-6E6A-71D9-A686-7CCD343AB2F6} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {42F8A361-FCC2-3668-F9D8-75A956FA133E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {4315F39A-A4EB-4EBB-6EAA-69A87ED8B250} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {45516DCA-9DDE-551A-0597-3F435638AB9A} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {5312794D-8924-639D-494E-25D04153F641} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {55EE873D-A151-76B9-9C55-115B08A26D78} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {5C825835-E00B-74E9-012C-56FD39B5929B} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {60077A44-4D7A-303B-6D9A-10E36FE288CE} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {6600EAAD-330D-29DC-6A89-5CCC112B372E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {732317D9-38C1-5F28-62BA-54A93288A072} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {780A0B61-AF17-680F-C6CF-49AA4926343E} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {7921490C-F1AE-279A-F84F-7E695D63F15F} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {7B0043CC-8651-48AB-FB48-2CFA01286136} - http://67.19.178.86/1/rdgUS1742.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netdf.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe