Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijackthis log: Startnow hax - shoot to kill. [CLOSED]

Started by Slowfuse , Aug 30 2005 01:17 AM

Page 3 of 5
1
2
3
4
5

This topic is locked

#31
Slowfuse

Posted 02 September 2005 - 12:44 AM

Member

Topic Starter
Member
44 posts

alrighty.

nice work

#32
ukbiker

Posted 02 September 2005 - 12:52 AM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi there slowfuse

Great, its gone (thanks Michelle)

Almost done now. :tazz:

Rescan with HJT. Place a checkmark against the following if they are there.

O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshkwwe.dll (file missing)

Ensure that all other applications and windows are closed, then Click on Fix Checked . Then exit HijackThis.

Now you have to clean out your temporary files and flush your restore points:

Start | Run | type cleanmgr | OK
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Click "OK" to remove them.
Click "Yes" to confirm the deletion.

Dont flush the system restore yet.

Finally, please run the online panda scan

HERE
and post its results and a fresh HJT log for me

UKBiker

Edited by ukbiker, 02 September 2005 - 12:54 AM.

#33
ukbiker

Posted 02 September 2005 - 12:57 AM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hiya

NOTE

Do not flush the system restore just yet

UKBiker

#34
Slowfuse

Posted 02 September 2005 - 09:17 PM

Member

Topic Starter
Member
44 posts

Hey biker, im still alive!

did that heres, what panda found, no virus, just a whole lot of spyware, that they are kind enough to not delete. thats why I stopped using panda.

heres the report:

Incident Status Location

Adware:adware/ncase No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\180sainstallernu.exe
Adware:adware/kingporn No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\ExtractDLL.dll
Adware:adware/p2pnetworking No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\p2psetup.exe
Spyware:spyware/istbar No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\shortcuts.txt
Adware:adware/sahagent No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\cdt1004.sah
Adware:adware/transponder No disinfected C:\WINDOWS\SYSTEM32\thin-94-1-x-x.exe
Adware:adware/quicksearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
Adware:adware/pacimedia No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\FAVORITES\1111\1111.url
Adware:adware/fastvideoplayer No disinfected C:\WINDOWS\INF\fastvideoplayer.inf
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall4_85.exe
Adware:adware/twain-tech No disinfected C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\THIA24.tmp
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/wupd No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\thin-94-1-x-x.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_85.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\res1A.tmp
Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\labpengs.tmp
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\conscorr.inf
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\TBPS.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\common.dll
Adware:Adware/ToolbarMase No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\toolbar.dll
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\temp.fr2DB9\common.dll
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\temp.fr2DB9\toolbar.dll
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJOZ630B\ustart[1]
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\zyptdtno.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\pieacjnq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\ddzejtca.exe
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\p2psetup.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\res133.tmp
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\thin-94-1-x-x.exe
Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\sntaudio.tmp
Spyware:Spyware/SafeSurf No disinfected C:\Program Files\Hijackthis\backups\backup-20050902-145455-172.dll
Adware:Adware/BigTrafficNet No disinfected C:\Program Files\Hijackthis\backups\backup-20050902-145456-896.dll
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP213\A0076103.INI
Adware:Adware/WinAD No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP215\A0076312.exe
Adware:Adware/WinAD No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP215\A0076313.exe
Adware:Adware/WinAD No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP215\A0076314.dll
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP237\A0078749.cfg
Spyware:Spyware/Hyperbar No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP241\A0080456.dll
Adware:Adware/MemoryWatcher No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP261\A0087219.ocx
Adware:Adware/IPInsight No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087253.inf
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087256.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087265.dll
Adware:Adware/IPInsight No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087270.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP282\A0098893.exe
Spyware:Adwawe/Block-checker No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP285\A0100986.exe
Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP287\A0102233.exe
Spyware:Adwawe/Block-checker No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105454.exe
Spyware:Adwawe/SystemProcess No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105455.exe
Spyware:Adwawe/SystemProcess No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105456.dll
Adware:Adware/WUpd No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105458.exe
Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP290\A0107554.dll
Adware:Adware/BigTrafficNet No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP290\A0107555.dll
Spyware:Spyware/SafeSurf No disinfected C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP290\A0107665.exe

thanks man.

#35
ukbiker

Posted 02 September 2005 - 09:19 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi Slowfuse

could you post that list again for me, this time with wordwrap OFF so i can read it please?

UKBiker

#36
Slowfuse

Posted 02 September 2005 - 09:32 PM

Member

Topic Starter
Member
44 posts

there ya go boss, did my best to make it readable for you.

Incident Status

Adware:adware/ncase No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\180sainstallernu.exe

Adware:adware/kingporn No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\ExtractDLL.dll

Adware:adware/p2pnetworking No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\p2psetup.exe

Spyware:spyware/istbar No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\shortcuts.txt

Adware:adware/sahagent No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\cdt1004.sah

Adware:adware/transponder No disinfected C:\WINDOWS\SYSTEM32\thin-94-1-x-x.exe

Adware:adware/quicksearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf

Adware:adware/pacimedia No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\FAVORITES\1111\1111.url

Adware:adware/fastvideoplayer No disinfected C:\WINDOWS\INF\fastvideoplayer.inf

Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall4_85.exe

Adware:adware/twain-tech No disinfected
C:\DOCUMENTS AND SETTINGS\FRANKIE AND TARA\LOCAL SETTINGS\TEMP\THIA24.tmp

Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs

Adware:adware/wupd No disinfected
Windows Registry

Spyware:Spyware/BetterInet No disinfected
C:\WINDOWS\system32\thin-94-1-x-x.exe

Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini

Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_85.exe

Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38.exe

Adware:Adware/nCase No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\res1A.tmp

Spyware:Spyware/SafeSurf No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\ExtractDLL.dll

Spyware:Spyware/SafeSurf No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\labpengs.tmp

Adware:Adware/IPInsight No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\conscorr.inf

Adware:Adware/WinTools No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\TBPS.exe

Adware:Adware/WinTools No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\common.dll

Adware:Adware/ToolbarMase No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\toolbar.dll

Adware:Adware/WinTools No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\temp.fr2DB9\common.dll

Adware:Adware/MyWebSearch No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\temp.fr2DB9\toolbar.dll

Adware:Adware/WUpd No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\Temporary Internet
Files\Content.IE5\AJOZ630B\ustart[1]

Adware:Adware/Lop No disinfected
C:\Documents and
Settings\Frankie and Tara\Local Settings\Temp\zyptdtno.exe

Adware:Adware/Lop No disinfected
C:\Documents and
Settings\Frankie and Tara\Local Settings\Temp\pieacjnq.exe

Adware:Adware/Lop No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\ddzejtca.exe

Adware:Adware/P2PNetworking No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\p2psetup.exe

Adware:Adware/nCase No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\res133.tmp

Spyware:Spyware/BetterInet No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\thin-94-1-x-x.exe

Spyware:Spyware/SafeSurf No disinfected
C:\Documents and Settings\Frankie and Tara\Local Settings\Temp\sntaudio.tmp

Spyware:Spyware/SafeSurf No disinfected
C:\Program Files\Hijackthis\backups\backup-20050902-145455-172.dll

Adware:Adware/BigTrafficNet No disinfected
C:\Program Files\Hijackthis\backups\backup-20050902-145456-896.dll

Adware:Adware/SAHAgent No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP213\A0076103.INI

Adware:Adware/WinAD No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP215\A0076312.exe

Adware:Adware/WinAD No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP215\A0076313.exe

Adware:Adware/WinAD No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP215\A0076314.dll

Spyware:Spyware/BetterInet No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP237\A0078749.cfg

Spyware:Spyware/Hyperbar No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP241\A0080456.dll

Adware:Adware/MemoryWatcher No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP261\A0087219.ocx

Adware:Adware/IPInsight No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087253.inf

Adware:Adware/Aurora No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087256.exe

Spyware:Spyware/BetterInet No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087265.dll

Adware:Adware/IPInsight No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP262\A0087270.inf

Spyware:Spyware/BetterInet No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP282\A0098893.exe

Spyware:Adwawe/Block-checker No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP285\A0100986.exe

Spyware:Spyware/SafeSurf No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP287\A0102233.exe

Spyware:Adwawe/Block-checker No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105454.exe

Spyware:Adwawe/SystemProcess No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105455.exe

Spyware:Adwawe/SystemProcess No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105456.dll

Adware:Adware/WUpd No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP289\A0105458.exe

Spyware:Spyware/SafeSurf No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP290\A0107554.dll

Adware:Adware/BigTrafficNet No disinfected
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP290\A0107555.dll

Spyware:Spyware/SafeSurf No disinfected
C:\System Volume
Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP290\A0107665.exe

Edited by Slowfuse, 02 September 2005 - 09:51 PM.

#37
ukbiker

Posted 02 September 2005 - 09:48 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi slowfuse

dont put it in a quote box, just copy and paste the text straight into the reply :tazz:

UKBiker

#38
Slowfuse

Posted 02 September 2005 - 09:52 PM

Member

Topic Starter
Member
44 posts

better?

#39
ukbiker

Posted 02 September 2005 - 09:54 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Yep ta

tell me, do you have more than 1 account on this PC, ie is there another account called Frankie and tara, or is that the admin account name?

UKBiker

#40
Slowfuse

Posted 02 September 2005 - 09:57 PM

Member

Topic Starter
Member
44 posts

yea thats ours

been meaning to turn that off...

#41
ukbiker

Posted 02 September 2005 - 10:00 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi slowfuse

sorry mate, i need to be exact about this, how many accounts are there on this PC , what are their names and which have full admin rights?

UKBiker

#42
Slowfuse

Posted 02 September 2005 - 10:01 PM

Member

Topic Starter
Member
44 posts

oh yea sure,

we only use one account, which is frankie and tara, there is like an admin account or something that is there too that we dont even use.
I never really bothered to sort any of it out...

#43
Slowfuse

Posted 02 September 2005 - 10:02 PM

Member

Topic Starter
Member
44 posts

i was screwing round in the user accounts settings and stuff, just for the [bleep] of it, and never bothered changing it back, thats all.

#44
ukbiker

Posted 02 September 2005 - 10:04 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi slowfuse

I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

We aint finished with this yet im afraid :tazz:

UKBiker

#45
Slowfuse

Posted 02 September 2005 - 10:08 PM

Member

Topic Starter
Member
44 posts

aww man im real sorry about taking up so much time, theres no hurry, its not your problem.

I really appreciate it.

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 4:05:55 p.m., on 3/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Orcon Accelerator\PropelAC.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Orcon Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Orcon Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Orcon Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Orcon Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Orcon Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E470F3F-D584-4058-BC45-1343C4AE7E6F}: NameServer = 210.55.12.1 210.55.12.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

uninstall manager:

3ivx D4 4.5.1 (remove only)
acer
Ad-Aware SE Personal
Adobe Photoshop 7.0.1
Adobe Reader 6.0.1
Antares Autotune DX v4.15
ATI Display Driver
AVG Free Edition
Band-in-a-Box Demo
DVD X Player Pro 1.6
Emagic Logic Audio Platinum 5.5.1
FlashGet(JetCar)
Guitar FX BOX 2.6
Guitar Pro 4 Demo
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_05
Joint Operations: Typhoon Rising
Macromedia Shockwave Player
Magix Sequoia v7.22
Matroska Pack (remove only)
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
MSN Messenger 7.0
Native Instruments Guitar Rig v1.1
Orcon Accelerator
Panda ActiveScan
Quake II
QuickTime
Realtek AC'97 Audio
Reason 3.0
River Past Audio Converter
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Sound Blaster Audigy 2 ZS
Startnow Navigation Helper (v1.0.1.1)
Sweet MIDI Arpeggiator 32 (remove only)
The Sims 2
The Sims Deluxe Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Video Edit Magic 2.2
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMPG Video Convert 5.6
WinRAR archiver
WinZip
Wuschel's ASIO4ALL
Xfire (remove only)
XoftSpy