anarmywife
hi, my computer is driving me crazy!!! it keeps on getting hijacked all of the time (my dh thinks it is from our cable modem), and we are getting viruses like crazy. it continuously freezes up. i have bought a firewall & virus scan program (defender pro?) but the computer freezes so i can't install the firewall... and it turns off the virus scan. i have run bazooka, and am in the process of trying to fix all of the things it says - but i hope that i can get some help from the wonderful people here! thanks soooooo much, all of the help is appreciated!
Logfile of HijackThis v1.97.7
Scan saved at 7:12:14 PM, on 4/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...OL.COM/92671ac527/ac00krtyx_65v/ogsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R3 - URLSearchHook: (no name) - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: com
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AEHKN] C:\WINDOWS\AEHKN.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\MANAGE.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYWORD.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O4 - HKLM\..\Run: [PJLRTV9W.EXE] C:\WINDOWS\PJLRTV9W.EXE /dk
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [PJLRTV9W.EXE] C:\WINDOWS\PJLRTV9W.EXE /dk
O4 - Startup: NFVK40PH.lnk = C:\WINDOWS\nfvk40ph.exe
O4 - Startup: 9AVLRD1A.lnk = C:\WINDOWS\9avlrd1a.exe
O4 - Startup: 0IVT3H00.lnk = C:\WINDOWS\0ivt3h00.exe
O4 - Startup: BE7T4DQH.lnk = C:\WINDOWS\be7t4dqh.exe
O4 - Startup: JEG5HA7A.lnk = C:\WINDOWS\jeg5ha7a.exe
O4 - Startup: PJLRTV9W.lnk = C:\WINDOWS\pjlrtv9w.exe
O4 - Global Startup: 8WANMBMT.lnk = ?
O4 - Global Startup: NFVK40PH.lnk = C:\WINDOWS\nfvk40ph.exe
O4 - Global Startup: M1TR13EW.lnk = C:\WINDOWS\m1tr13ew.exe
O4 - Global Startup: 2KFY1H4C.lnk = C:\WINDOWS\2kfy1h4c.exe
O4 - Global Startup: X7TEXVX2.lnk = C:\WINDOWS\x7texvx2.exe
O4 - Global Startup: O2OR00FD.lnk = C:\WINDOWS\o2or00fd.exe
O4 - Global Startup: V8WHQ6R7.lnk = C:\WINDOWS\v8whq6r7.exe
O4 - Global Startup: EC281N7L.lnk = C:\WINDOWS\ec281n7l.exe
O4 - Global Startup: tbbnnxh8.lnk = ?
O4 - Global Startup: 5RNUJPZ6.lnk = C:\WINDOWS\5rnujpz6.exe
O4 - Global Startup: 8ZHU5LLE.lnk = C:\WINDOWS\8zhu5lle.exe
O4 - Global Startup: ZA658QF6.lnk = C:\WINDOWS\za658qf6.exe
O4 - Global Startup: D55XPABR.lnk = C:\WINDOWS\d55xpabr.exe
O4 - Global Startup: DVWQL5YN.lnk = C:\WINDOWS\dvwql5yn.exe
O4 - Global Startup: YV04YILM.lnk = ?
O4 - Global Startup: PR533214.lnk = C:\WINDOWS\pr533214.exe
O4 - Global Startup: YZRX6ULN.lnk = C:\WINDOWS\yzrx6uln.exe
O4 - Global Startup: 1UOO0KRM.lnk = C:\WINDOWS\1uoo0krm.exe
O4 - Global Startup: YNLE0GLN.lnk = C:\WINDOWS\ynle0gln.exe
O4 - Global Startup: RBE3ZM3K.lnk = C:\WINDOWS\rbe3zm3k.exe
O4 - Global Startup: BA0MX73Z.lnk = C:\WINDOWS\ba0mx73z.exe
O4 - Global Startup: mpcx356d.lnk = ?
O4 - Global Startup: 7ZJ7C61G.lnk = C:\WINDOWS\7zj7c61g.exe
O4 - Global Startup: 9OYMA608.lnk = C:\WINDOWS\9oyma608.exe
O4 - Global Startup: 5U2PRO07.lnk = C:\WINDOWS\5u2pro07.exe
O4 - Global Startup: M7QYBYFT.lnk = C:\WINDOWS\m7qybyft.exe
O4 - Global Startup: JX3EMLXU.lnk = C:\WINDOWS\jx3emlxu.exe
O4 - Global Startup: UOLBIZE1.lnk = C:\WINDOWS\uolbize1.exe
O4 - Global Startup: PDOHWRBK.lnk = C:\WINDOWS\pdohwrbk.exe
O4 - Global Startup: 74OZBIAJ.lnk = C:\WINDOWS\74ozbiaj.exe
O4 - Global Startup: EXGU5FNP.lnk = C:\WINDOWS\exgu5fnp.exe
O4 - Global Startup: 0K8F5BP1.lnk = C:\WINDOWS\0k8f5bp1.exe
O4 - Global Startup: IMI2QPU0.lnk = C:\WINDOWS\imi2qpu0.exe
O4 - Global Startup: wujplqtp.lnk = ?
O4 - Global Startup: J2UDWL21.lnk = C:\WINDOWS\j2udwl21.exe
O4 - Global Startup: X4E153BI.lnk = C:\WINDOWS\x4e153bi.exe
O4 - Global Startup: A21P4YQ1.lnk = C:\WINDOWS\a21p4yq1.exe
O4 - Global Startup: A80VI7JT.lnk = C:\WINDOWS\a80vi7jt.exe
O4 - Global Startup: 9AVLRD1A.lnk = C:\WINDOWS\9avlrd1a.exe
O4 - Global Startup: 0IVT3H00.lnk = C:\WINDOWS\0ivt3h00.exe
O4 - Global Startup: BE7T4DQH.lnk = C:\WINDOWS\be7t4dqh.exe
O4 - Global Startup: JEG5HA7A.lnk = C:\WINDOWS\jeg5ha7a.exe
O4 - Global Startup: PJLRTV9W.lnk = C:\WINDOWS\pjlrtv9w.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Home (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} - http://esupport.aol.com/engine/aolcoach.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38041.7687615741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
O16 - DPF: {2CAB81F6-1CBB-49FD-809E-B2D37D0CFFED} (IEFeature Class) - http://www.popmonster.com/control/src/iefeatures.ocx
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin_US.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
O16 - DPF: {4945A5CB-1690-4189-AF3F-44BB7C197374} (CInstaller Object) - http://www.totalvelocity.com/speedblaster3/SpeedBlasterT_3.0.7_B4.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/new/bridge.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4339/mcfscan.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = charter.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1