Can someone please look at my log


  • This topic is locked
8 replies to this topic

#1 Rev Fred


Posted 05 June 2007 - 12:58 PM

Hello excellent people. You were able to help me last year with my work computer, but now my home PC is suffering! It is running incredibly slowly, and the HT log seems to be very long. Can someone please tell me what to delete?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:53:35, on 05/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\d0ia7kcp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jerry-Werry\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [d0ia7kcp] C:\WINDOWS\system32\d0ia7kcp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KBsqROd3V] C:\Program Files\asdfe57\SPBS.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

--
End of file - 10550 bytes

#2 Rev Fred


Posted 07 June 2007 - 04:49 AM

Boing!

Can anyone out there help me?

Thanks!

#3 SWI Support Robot


Posted 08 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 miekiemoes

    Malware Expert


Posted 11 June 2007 - 02:55 AM

Hi,

It looks like you never scanned with an Antispyware scanner, because I see some spyware present here that should be deleted easily by any scanner. So do the following:

Download and install Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Post the contents of the log in your next reply together with a new HijackThis log.


#5 Rev Fred


Posted 17 June 2007 - 04:41 AM

Hello Miekiemoes, thank you very much for helping me!

I followed your instructions, and here is the Superantispyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/16/2007 at 11:36 PM

Application Version : 3.8.1002

Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 00:57:24

Memory items scanned : 482
Memory threats detected : 2
Registry items scanned : 6222
Registry threats detected : 109
File items scanned : 42156
File threats detected : 203

Adware.BargainBuddy
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
[BullsEye Network] C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\TEMP\BARGAINS.EXE
C:\WINDOWS\SYSTEM32\ANGELEX.EXE

Adware.eXact Advertising
C:\WINDOWS\SYSTEM32\MSBE.DLL
C:\WINDOWS\SYSTEM32\MSBE.DLL
C:\WINDOWS\SYSTEM32\EXDL.EXE
C:\WINDOWS\SYSTEM32\EXDL0.EXE
C:\WINDOWS\SYSTEM32\EXDL1.EXE
C:\WINDOWS\SYSTEM32\EXUL.EXE
C:\WINDOWS\SYSTEM32\JAVEXULM.VXD
C:\WINDOWS\SYSTEM32\MQEXDLM.SRG
C:\WINDOWS\Prefetch\EXDL1.EXE-2FB9756E.pf

BHObj Class BHO
HKLM\Software\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID
C:\WINDOWS\WSEM303.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

ADP UrlCatcher Class BHO
HKLM\Software\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\Programmable
HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}

Adware.Zesoft
HKLM\System\ControlSet001\Services\ZESOFT
C:\WINDOWS\ZETA.EXE
HKLM\System\ControlSet004\Services\ZESOFT
HKLM\System\CurrentControlSet\Services\ZESOFT
C:\WINDOWS\Prefetch\ZETA.EXE-01FED185.pf

Adware.Tracking Cookie

Adware.Avenue Media/Internet Optimizer
C:\Program Files\Internet Optimizer\sim
C:\Program Files\Internet Optimizer\update\optimize313.exe
C:\Program Files\Internet Optimizer\update
C:\Program Files\Internet Optimizer

Adware.BargainBuddy/NaviSearch

Adware.Apropos Media
C:\DOCUMENTS AND SETTINGS\JERRY-WERRY\LOCAL SETTINGS\TEMP\AUF0.EXE

Adware.180solutions/Search Assistant
C:\DOCUMENTS AND SETTINGS\JERRY-WERRY\LOCAL SETTINGS\TEMP\DEL89.TMP

Unclassified.Unknown Origin
C:\TEMP\CTXPACK6.EXE


And here is a new HT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:39:13, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\d0ia7kcp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jerry-Werry\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [d0ia7kcp] C:\WINDOWS\system32\d0ia7kcp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KBsqROd3V] C:\Program Files\asdfe57\SPBS.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10142 bytes

#6 miekiemoes

Posted 17 June 2007 - 06:08 AM

Hi,

See how important it is to perform a scan first? It already detected and deleted a lot.

Let's deal with the rest now...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [d0ia7kcp] C:\WINDOWS\system32\d0ia7kcp.exe
O4 - HKCU\..\Run: [KBsqROd3V] C:\Program Files\asdfe57\SPBS.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Navigate to and delete the following file and folder:

C:\WINDOWS\system32\d0ia7kcp.exe <== file
C:\Program Files\asdfe57 <== folder

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Post a new HijackThis log in your next reply.

#7 Rev Fred

Posted 24 June 2007 - 11:03 AM

Thanks dude!

Here we go:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:59:54, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jerry-Werry\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 8786 bytes

#8 miekiemoes

Posted 24 June 2007 - 11:37 AM

Hi,

Your log looks clean again.
How are things now?
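
Checking a follow-up log against a fix list can be scripted. The Python below is an added example, not part of the original posts: it parses two HijackThis logs and reports whether the entries listed for fixing in post #6 are gone, whether a deleted file is still running, and which entries are new. The function names are hypothetical, and the embedded log text is a short excerpt of the logs posted in this thread.

```python
import re

# A HijackThis entry line: section code ("R1", "O4", "O16"), " - ", then the body.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")

# Short excerpts of the 17/06/2007 and 24/06/2007 logs and of the fix list in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\d0ia7kcp.exe
C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [d0ia7kcp] C:\WINDOWS\system32\d0ia7kcp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [KBsqROd3V] C:\Program Files\asdfe57\SPBS.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
"""
FIX_LIST = r"""
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [d0ia7kcp] C:\WINDOWS\system32\d0ia7kcp.exe
O4 - HKCU\..\Run: [KBsqROd3V] C:\Program Files\asdfe57\SPBS.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
"""
DELETED_FILES = [r"C:\WINDOWS\system32\d0ia7kcp.exe"]


def norm(text):
    """Collapse whitespace and case-fold: Windows paths and key names are case-insensitive."""
    return " ".join(text.split()).casefold()


def parse_entries(log_text):
    """Map normalised entry text -> original line for every R*/O* entry in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[norm(line)] = line
    return entries


def running_processes(log_text):
    """Return the normalised paths under 'Running processes:' (the block ends at a blank line)."""
    procs, in_block = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.add(norm(line))
    return procs


def verify_fix(before, after, fix_list, deleted_files):
    """Check a follow-up log against the entries and files that were to be removed."""
    old, new = parse_entries(before), parse_entries(after)
    wanted = parse_entries(fix_list)
    procs = running_processes(after)
    return {
        # Fix-list entries that survived into the follow-up log.
        "still_present": sorted(new[k] for k in wanted if k in new),
        # Fix-list entries that were never in the first log (copy/paste slips).
        "not_in_before": sorted(wanted[k] for k in wanted if k not in old),
        # Deleted executables that are still listed as running.
        "still_running": sorted(f for f in deleted_files if norm(f) in procs),
        # Entries that appeared between the two scans and deserve a look.
        "new_entries": sorted(new[k] for k in new if k not in old),
    }


if __name__ == "__main__":
    for key, value in verify_fix(BEFORE, AFTER, FIX_LIST, DELETED_FILES).items():
        print(key, value)
```

On these excerpts the only new entries are the two created by the Java update (the SSVHelper BHO and the relocated SunJavaUpdateSched Run value).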

#9 miekiemoes

Posted 03 July 2007 - 06:00 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here.
This applies only to the original topic starter.

Everyone else please begin a New Topic.



