1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please help with hijackthis log

Discussion in 'Windows XP' started by smokincollee, Jan 17, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    First I want to say thanks to all who have helped me in the past...you guys are awsome. Now I need someone to read my hijackthis log and tell me what I can get rid of. I went away for a while and this is what I came home to. I just wish I knew what all the things meant so I wouldn't have to bother you guys. I'm pretty sure I can get rid of all the winmx stuff. Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:29:15 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinMXDownloadWinMX3.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\Randy\LOCALS~1\Temp\Temporary Directory 4 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.music.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.ca
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 205.238.40.2 www.winmx.com
    O1 - Hosts: 205.238.40.2 err.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [001VideoDriver] C:\WINDOWS\system10.exe
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [fylctdf] c:\windows\system32\nvqcuy.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Halloween\\trioService.exe "
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O4 - Global Startup: WinMXDownloadWinMX3.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYCA
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: load - http://www.funtest.co.uk/service/html/load.CAB
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailNotifierFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {29C8B1AC-073B-46AC-A077-5114D4C3BF0C} (Image Uploader 3.0 Control) - http://photoshare.shaw.ca/include/ImageUploader.cab
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://www.opinionsquare.com/Config/setup.exe
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1506041e016596743518/netzip/RdxIE601.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124995267890
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/collapse/collapse.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab40641.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/meninblackII/install.cab
    O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegaspalms.microgaming.com/vegaspalms/FlashAX.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {E66A5764-212B-40EC-8FB8-16949F6A82CD} - http://www.ouchvideo.com/c8/svcmm32.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    HiJackThis is runing from a temp directory and must be moved to run correctly

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    =====================
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode

    =========================
    Download Hoster from here:
    www.funkytoad.com/download/hoster.zip
    Run the program Hoster and press Restore Original Hosts, OK, and Exit Program

    Post the Ewido and a new HiJack log
     
  3. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    Logfile of HijackThis v1.99.1
    Scan saved at 1:13:07 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinMXDownloadWinMX3.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.music.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.ca
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 205.238.40.2 www.winmx.com
    O1 - Hosts: 205.238.40.2 err.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [001VideoDriver] C:\WINDOWS\system10.exe
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [fylctdf] c:\windows\system32\nvqcuy.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Halloween\\trioService.exe "
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O4 - Global Startup: WinMXDownloadWinMX3.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYCA
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: load - http://www.funtest.co.uk/service/html/load.CAB
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailNotifierFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {29C8B1AC-073B-46AC-A077-5114D4C3BF0C} (Image Uploader 3.0 Control) - http://photoshare.shaw.ca/include/ImageUploader.cab
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - https://www.opinionsquare.com/Config/setup.exe
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1506041e016596743518/netzip/RdxIE601.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124995267890
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/collapse/collapse.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab40641.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/meninblackII/install.cab
    O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegaspalms.microgaming.com/vegaspalms/FlashAX.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {E66A5764-212B-40EC-8FB8-16949F6A82CD} - http://www.ouchvideo.com/c8/svcmm32.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Need the log AFTER you've run Ewido and Hoster
     
  5. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    Ok. Here is my HJT log. I'll post my Ewido log file in another posting. Both won't fit in one.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:23 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinMXDownloadWinMX3.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.music.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.ca
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 205.238.40.2 www.winmx.com
    O1 - Hosts: 205.238.40.2 err.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [001VideoDriver] C:\WINDOWS\system10.exe
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [fylctdf] c:\windows\system32\nvqcuy.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Halloween\\trioService.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
    O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O4 - Global Startup: WinMXDownloadWinMX3.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYCA
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: load - http://www.funtest.co.uk/service/html/load.CAB
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
    O16 - DPF: {29C8B1AC-073B-46AC-A077-5114D4C3BF0C} (Image Uploader 3.0 Control) - http://photoshare.shaw.ca/include/ImageUploader.cab
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1506041e016596743518/netzip/RdxIE601.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124995267890
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/collapse/collapse.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab40641.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/meninblackII/install.cab
    O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegaspalms.microgaming.com/vegaspalms/FlashAX.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {E66A5764-212B-40EC-8FB8-16949F6A82CD} - http://www.ouchvideo.com/c8/svcmm32.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  6. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    Here is the other report. Thanks so much for all your help.
    HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} -> Spyware.MarketScore : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD} -> Spyware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{665ABE65-2C16-4341-B4B8-01FF799E8F4C} -> Spyware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{83654581-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D} -> Spyware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} -> Spyware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} -> Spyware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} -> Spyware.CometCursor : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{83654580-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\iWon -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\iWon\iWonBar -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\iWon\iWonSlots -> Spyware.iWon : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} -> Spyware.MarketScore : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\WhenUSave -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSave\Partners -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Spyware.SaveNow : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
    HKU\S-1-5-21-1659004503-842925246-839522115-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
    HKU\S-1-5-21-1659004503-842925246-839522115-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
    HKU\S-1-5-21-1659004503-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1659004503-842925246-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKU\S-1-5-21-1659004503-842925246-839522115-1004\Software\Classes\{204F937E-519E-4597-96FA-8F1F59F3CB6D} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1659004503-842925246-839522115-1004_Classes\{204F937E-519E-4597-96FA-8F1F59F3CB6D} -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Babysitters\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Randy\Application Data\Mozilla\Profiles\default\phusxs8d.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Randy\Application Data\Phoenix\Profiles\default\6ycqigrn.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][3].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Adbutler : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Randy\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Randy\Local Settings\Temp\antispy.exe -> Spyware.AdURL : Cleaned with backup
    C:\Documents and Settings\Randy\Local Settings\Temp\down.cab/WToolsB.dll -> Spyware.Wintol : Error during cleaning
    C:\Documents and Settings\Randy\Local Settings\Temp\tmp1073259383.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\Documents and Settings\Randy\Local Settings\Temp\tmp1073259541.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\Documents and Settings\Randy\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Randy\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
    C:\Documents and Settings\Randy\ss.exe -> Spyware.AdURL : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt ->
     
  7. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    Couldn't fit the whole thing in one so here's part 2

    Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Randy_2\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Sierra\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Sierra\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Downloads\Clue-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\MONOPOLY-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\RollerCoasterTycoon2-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\Downloads\ScrabbleSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
    C:\My Downloads\winamp cdg.zip/setup.exe -> Downloader.IstBar.nk : Cleaned with backup
    C:\Program Files\Bcpc -> Spyware.BroadcastPC : Cleaned with backup
    C:\Program Files\Messenger Plus! 2\Setup.dat/70000011.exe -> Downloader.Swizzor.af : Error during cleaning
    C:\Program Files\Microsoft AntiSpyware\Quarantine\0361E465-2325-4F60-A74B-911D8A\90023BE3-D94F-4A85-94E5-A4D440 -> Spyware.SurfAccuracy : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\1B618E46-B2F4-4090-9DD2-BDCB11\704047FE-FD75-4E5B-972A-865EE0 -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\1EFDBB93-CDBC-4893-BA7E-42825D\B6D0AABA-3B0C-406E-AC6C-5FFED7 -> Spyware.AdBlaster : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\556EDAF9-8B29-4675-9ADE-8A1EBA\E23BCC0B-CCB2-4924-9A24-403782 -> Adware.SAHA : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\8BFE1EF6-E5E9-470F-A6FA-F37A11\B41C2AC3-8055-4E70-B7A2-080366 -> Spyware.PowerScan : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B354B131-B43B-4C37-843D-91C0DE\4CAFD205-7AFA-4DC7-B6BF-A81557/ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B354B131-B43B-4C37-843D-91C0DE\4CAFD205-7AFA-4DC7-B6BF-A81557/ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B354B131-B43B-4C37-843D-91C0DE\65AFDD2A-F870-4992-B1C4-9D34E6 -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B354B131-B43B-4C37-843D-91C0DE\C124B11F-1F36-4B80-8D92-4773B1 -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B354B131-B43B-4C37-843D-91C0DE\C2CFEDB3-271F-43A9-9E4B-1BB7E8 -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B354B131-B43B-4C37-843D-91C0DE\F7407193-6B46-4975-B096-6169DA -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\B5EBE53E-07E7-4016-80B8-B5F05F\D7562AD1-0986-4B9F-8807-53C314 -> Spyware.NewDotNet : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\D6D3E2AB-D338-4EE5-B3B8-D391D9\FC1C80EF-BB6E-4A17-9710-0BE9FE -> Spyware.AdBlaster : Cleaned with backup
    C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL -> Spyware.FunWeb : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL -> Spyware.Wesbar : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL -> Adware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL -> Adware.IWon : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL -> Adware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE -> Spyware.Wesbar : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL -> Spyware.MyWebSearch : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\antispy.exe -> Spyware.AdURL : Cleaned with backup
    C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
    C:\WINDOWS\system32\in7bMs.dll -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\system32\psis80ex.ax/C:/WINDOWS/system32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\SplashSpot Games.exe -> Spyware.AdURL : Cleaned with backup
    C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Cleaned with backup
    C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
    C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


    ::Report End

    Sorry, didn't know how else to get it all to fit. Thanks :eek:
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs – remove newdotnet

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (file missing)

    O4 - HKLM\..\Run: [fylctdf] c:\windows\system32\nvqcuy.exe

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Halloween\\trioService.exe "

    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe

    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe

    O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min

    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe

    O4 - Global Startup: WinMXDownloadWinMX3.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm082YYCA

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1506041e...p/RdxIE601.cab

    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab

    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...II/install.cab

    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    ===========================
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    .NET Framework Service

    Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.

    Repeat for - FreezeScreenSaver


    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\FreezeScreenSaver.exe
    C:\Program Files\MyWebSearch
    c:\windows\system32\nvqcuy.exe
    C:\PROGRAM FILES\NEWDOTNET
    C:\PROGRAM FILES\Freeze.com
    C:\Program Files\Save
    C:\windows\system32\ngpw36.exe
    C:\windows\system32\adprot.exe
    C:\Program Files\System Soap Pro
    C:\Program Files\WebSecureAlert

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin

    Run the hoster program again

    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  9. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    Thank you so much for all that advice. My computer is running much faster now. There were a few that I couldn't get rid of but for the most part it got rid of a lot of the stuff on my computer. One of the things that bothers me most is the NEWDOT file. I can't get rid of it and it keeps trying to run on start up. Is there any other way I can try to get rid of it besides Add/Remove programs and the Kill box one? Otherwise I thank you for all your help. Here is my latest HJT scan.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:23:59 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.music.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.ca
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
    O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [001VideoDriver] C:\WINDOWS\system10.exe
    O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
    O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: load - http://www.funtest.co.uk/service/html/load.CAB
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
    O16 - DPF: {29C8B1AC-073B-46AC-A077-5114D4C3BF0C} (Image Uploader 3.0 Control) - http://photoshare.shaw.ca/include/ImageUploader.cab
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47/blockwerx/blockwerx.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124995267890
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/collapse/collapse.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab40641.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegaspalms.microgaming.com/vegaspalms/FlashAX.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {E66A5764-212B-40EC-8FB8-16949F6A82CD} - http://www.ouchvideo.com/c8/svcmm32.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. smokincollee

    smokincollee Thread Starter

    Joined:
    Nov 11, 2003
    Messages:
    20
    Well, on start up this am it didn't seem to be there. Usually when I start up it tries to load it and it doesn't. Now, one more question and I'll try to promise not to bug you anymore. I'm not sure if it did this last night as my Uncle was on the computer after I went to bed, but my computer shuts it's self down sometimes. Usually telling me there was an error and it had to shut down when I restart it in the morning. It didn't tell me that today, but I don't think my Uncle would have shut it down. Could you tell me why it's happening? When check out the error message on Microsoft it keeps telling me it doesn't know why it did it but it'll check into it. I don't know why it started. I did a system restore and it seemed to stop but like I said I think it happened again last night. I'm not completely concerned but if you have any ideas that would be great. And once more a big thank you for all your help. :)
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/434938

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice