dave
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\d3zu32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
C:\WINDOWS\atldb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\w?nspool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\CiitCFo.exe
C:\WINDOWS\System32\Doub.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CRAZYY~1\LOCALS~1\Temp\264.tmp
C:\WINDOWS\System32\tibs5.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Internet Optimizer\optimize.exe
c:\program files\180solutions\sais.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Crazy Yati\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\anmau.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\anmau.dll/sp.html#89328
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res:///url_error.html#hereandnow.northwestern.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\anmau.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\anmau.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\anmau.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://hereandnow.northwestern.edu/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205DF8D3-61F8-8A69-EF22-B24BFD28CEAC} - C:\WINDOWS\system32\sysky.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [JmhSp4] C:\documents and settings\crazy yati\local settings\temp\JmhSp4.exe
O4 - HKLM\..\Run: [3MQQFB82A65FN3] C:\WINDOWS\System32\Pwbm74i.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [0nowm] C:\documents and settings\crazy yati\local settings\temp\0nowm.exe
O4 - HKLM\..\Run: [rwohSvy] C:\documents and settings\crazy yati\local settings\temp\rwohSvy.exe
O4 - HKLM\..\Run: [JmhSp4.exe] C:\documents and settings\crazy yati\local settings\temp\JmhSp4.exe
O4 - HKLM\..\Run: [0nowm.exe] C:\documents and settings\crazy yati\local settings\temp\0nowm.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [atldb.exe] C:\WINDOWS\atldb.exe
O4 - HKLM\..\Run: [1A75.tmp] C:\DOCUME~1\CRAZYY~1\LOCALS~1\Temp\1A75.tmp.exe 0 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [1A75.tmp.exe] C:\DOCUME~1\CRAZYY~1\LOCALS~1\Temp\1A75.tmp.exe 1 10001
O4 - HKLM\..\Run: [264.tmp] C:\DOCUME~1\CRAZYY~1\LOCALS~1\Temp\264.tmp.exe 4 10001
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunOnce: [d3zu32.exe] C:\WINDOWS\system32\d3zu32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ScanSpyware v3.5] "C:\Program Files\ScanSpyware v3.5\Scanner.exe"
O4 - HKCU\..\Run: [Qffgdem] C:\WINDOWS\System32\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab