• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
scheuerman

Help me with this log

7 posts in this topic

Logfile of HijackThis v1.97.2

Scan saved at 3:27:17 PM, on 8/9/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\crvo32.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

C:\WINDOWS\sdkoi32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jmrxp.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jmrxp.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jmrxp.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jmrxp.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jmrxp.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jmrxp.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install

O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install

O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install

O4 - HKLM\..\Run: [uCMAGMZO] c:\windows\system32\ucmagmzo.exe /install

O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install

O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install

O4 - HKLM\..\Run: [uCCVZZZK] c:\windows\system32\uccvzzzk.exe /install

O4 - HKLM\..\Run: [spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe

O4 - HKLM\..\Run: [sdkoi32.exe] C:\WINDOWS\sdkoi32.exe

O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [system Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1078692612875

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10a0f1a80f609b...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8049.9088078704

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...371/mcfscan.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

Share this post


Link to post
Share on other sites

Here is the About Buster Log:

 

-- Scan 1 --------

About:Buster Version 1.26

Removed! : C:\WINDOWS\aewstb.dat

Removed! : C:\WINDOWS\agxoxj.dat

Removed! : C:\WINDOWS\ajqvup.dat

Removed! : C:\WINDOWS\applf.exe

Removed! : C:\WINDOWS\bbfnsq.dat

Removed! : C:\WINDOWS\cjilsp.dat

Removed! : C:\WINDOWS\cjppeb.dat

Removed! : C:\WINDOWS\d3ff.exe

Removed! : C:\WINDOWS\d3ns.exe

Removed! : C:\WINDOWS\d3qa32.exe

Removed! : C:\WINDOWS\d3uj.exe

Removed! : C:\WINDOWS\d3vq.exe

Removed! : C:\WINDOWS\dmised.dat

Removed! : C:\WINDOWS\docpdy.dat

Removed! : C:\WINDOWS\dsqyds.dat

Removed! : C:\WINDOWS\dzpyks.dat

Removed! : C:\WINDOWS\evauyy.dat

Removed! : C:\WINDOWS\falryt.dat

Removed! : C:\WINDOWS\gdqaao.dat

Removed! : C:\WINDOWS\gdtxyj.dat

Removed! : C:\WINDOWS\hkqdzp.dat

Removed! : C:\WINDOWS\hoksad.dat

Removed! : C:\WINDOWS\hvmweo.dat

Removed! : C:\WINDOWS\ieiq.exe

Removed! : C:\WINDOWS\ieozjv.dat

Removed! : C:\WINDOWS\iets32.exe

Removed! : C:\WINDOWS\ieut.exe

Removed! : C:\WINDOWS\iezi.exe

Removed! : C:\WINDOWS\ikceku.dat

Removed! : C:\WINDOWS\javalq32.exe

Removed! : C:\WINDOWS\javaxa32.exe

Removed! : C:\WINDOWS\jaxymf.dat

Removed! : C:\WINDOWS\jgwtrv.dat

Removed! : C:\WINDOWS\jlmhmf.dat

Removed! : C:\WINDOWS\jmrxp.dat

Removed! : C:\WINDOWS\jmrxp.dll

Removed! : C:\WINDOWS\jvjzmw.dat

Removed! : C:\WINDOWS\jwwbxl.dat

Removed! : C:\WINDOWS\kdmcel.dat

Removed! : C:\WINDOWS\knnjna.dat

Removed! : C:\WINDOWS\ktxrnh.dat

Removed! : C:\WINDOWS\kwzavt.dat

Removed! : C:\WINDOWS\lfafpm.dat

Removed! : C:\WINDOWS\lgxzqs.dat

Removed! : C:\WINDOWS\ljozxr.dat

Removed! : C:\WINDOWS\llmlkc.dat

Removed! : C:\WINDOWS\lndsub.dat

Removed! : C:\WINDOWS\loxdzl.dat

Removed! : C:\WINDOWS\ltxrud.dat

Removed! : C:\WINDOWS\lzkxia.dat

Removed! : C:\WINDOWS\mfcpc32.exe

Removed! : C:\WINDOWS\mmtbdh.dat

Removed! : C:\WINDOWS\mpcxmd.dat

Removed! : C:\WINDOWS\mrprsd.dat

Removed! : C:\WINDOWS\msei32.exe

Removed! : C:\WINDOWS\msfa32.exe

Removed! : C:\WINDOWS\mttfyw.dat

Removed! : C:\WINDOWS\mxlcrx.dat

Removed! : C:\WINDOWS\nawzee.dat

Removed! : C:\WINDOWS\netdq.exe

Removed! : C:\WINDOWS\netrx.exe

Removed! : C:\WINDOWS\nnhwky.dat

Removed! : C:\WINDOWS\nsxeoi.dat

Removed! : C:\WINDOWS\ntuz32.exe

Removed! : C:\WINDOWS\nuinfk.dat

Removed! : C:\WINDOWS\nxfqtq.dat

Removed! : C:\WINDOWS\n_cuxclp.dat

Removed! : C:\WINDOWS\n_dhysti.dat

Removed! : C:\WINDOWS\n_hhdzja.dat

Removed! : C:\WINDOWS\n_jysesq.dat

Removed! : C:\WINDOWS\n_kfwaay.dat

Removed! : C:\WINDOWS\n_krxydt.dat

Removed! : C:\WINDOWS\oapnfx.dat

Removed! : C:\WINDOWS\ooamqi.dat

Removed! : C:\WINDOWS\owdbld.dat

Removed! : C:\WINDOWS\owziov.dat

Removed! : C:\WINDOWS\pdjhhp.dat

Removed! : C:\WINDOWS\phkiyn.dat

Removed! : C:\WINDOWS\ppgwwf.dat

Removed! : C:\WINDOWS\ppnczy.dat

Removed! : C:\WINDOWS\pqhzpr.dat

Removed! : C:\WINDOWS\qdqadu.dat

Removed! : C:\WINDOWS\qehgkg.dat

Removed! : C:\WINDOWS\qhsejc.dat

Removed! : C:\WINDOWS\qombtz.dat

Removed! : C:\WINDOWS\qtavkx.dat

Removed! : C:\WINDOWS\ragrwz.dat

Removed! : C:\WINDOWS\raupxw.dat

Removed! : C:\WINDOWS\rcvnat.dat

Removed! : C:\WINDOWS\retrpm.dat

Removed! : C:\WINDOWS\rgawya.dat

Removed! : C:\WINDOWS\rhacxn.dat

Removed! : C:\WINDOWS\rrfxff.dat

Removed! : C:\WINDOWS\sdkns32.exe

Error Removing! : C:\WINDOWS\sdkoi32.dll

Removed! : C:\WINDOWS\sdkzb.exe

Removed! : C:\WINDOWS\seynqf.dat

Removed! : C:\WINDOWS\sjiogz.dat

Removed! : C:\WINDOWS\sqmuhw.dat

Removed! : C:\WINDOWS\svxeun.dat

Removed! : C:\WINDOWS\sysbx32.exe

Removed! : C:\WINDOWS\sysla32.exe

Removed! : C:\WINDOWS\syswn32.exe

Removed! : C:\WINDOWS\tdiizb.dat

Removed! : C:\WINDOWS\tfgccp.dat

Removed! : C:\WINDOWS\tgibou.dat

Removed! : C:\WINDOWS\tqloct.dat

Removed! : C:\WINDOWS\ttsyzs.dat

Removed! : C:\WINDOWS\whpcol.dat

Removed! : C:\WINDOWS\wmkytc.dat

Removed! : C:\WINDOWS\wysozk.dat

Removed! : C:\WINDOWS\xgzybj.dat

Removed! : C:\WINDOWS\xjzszp.dat

Removed! : C:\WINDOWS\yrsuop.dat

Removed! : C:\WINDOWS\yyxzhj.dat

Removed! : C:\WINDOWS\zodtlp.dat

Removed! : C:\WINDOWS\ztapon.dat

Removed! : C:\WINDOWS\System32\cmqcn.dat

Removed! : C:\WINDOWS\System32\javaii32.exe

Removed! : C:\WINDOWS\System32\netja.exe

Removed! : C:\WINDOWS\System32\zenyd.dat

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed __NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

 

 

 

 

And the Hijack This Log:

 

 

Logfile of HijackThis v1.97.2

Scan saved at 10:23:18 AM, on 8/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\winpc32.exe

C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\winyy.exe

C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install

O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install

O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install

O4 - HKLM\..\Run: [uCMAGMZO] c:\windows\system32\ucmagmzo.exe /install

O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install

O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install

O4 - HKLM\..\Run: [uCCVZZZK] c:\windows\system32\uccvzzzk.exe /install

O4 - HKLM\..\Run: [spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe

O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe

O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [system Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"

O4 - HKLM\..\RunOnce: [winyy.exe] C:\WINDOWS\winyy.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1078692612875

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10a0f1a80f609b...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8049.9088078704

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...371/mcfscan.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

Share this post


Link to post
Share on other sites

Hmm doesnt look good. Reboot into safe mode and try again. Booting into safe mode is easy just tap F8 when the computer is first booting.

Share this post


Link to post
Share on other sites

About Buster in Safe MOde log:

 

-- Scan 1 --------

About:Buster Version 1.26

Removed! : C:\WINDOWS\sdkoi32.dll

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

 

 

 

 

 

 

Hijack This in Safe Mode LOg:

 

Logfile of HijackThis v1.97.2

Scan saved at 3:21:40 PM, on 8/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install

O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install

O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install

O4 - HKLM\..\Run: [uCMAGMZO] c:\windows\system32\ucmagmzo.exe /install

O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install

O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install

O4 - HKLM\..\Run: [uCCVZZZK] c:\windows\system32\uccvzzzk.exe /install

O4 - HKLM\..\Run: [spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe

O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe

O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [system Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1078692612875

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10a0f1a80f609b...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8049.9088078704

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...371/mcfscan.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

 

thanks for your help

Edited by scheuerman

Share this post


Link to post
Share on other sites

Hey looks like the main infection is gone. :) Good news !

 

Ok run Hijack This and tick the boxes next to these items.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install

O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install

O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install

O4 - HKLM\..\Run: [uCMAGMZO] c:\windows\system32\ucmagmzo.exe /install

O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install

O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install

O4 - HKLM\..\Run: [uCCVZZZK] c:\windows\system32\uccvzzzk.exe /install

O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe

O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe

O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe

O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe

 

Now close all windows and hit fix checked. Restart and delete all these files if present.

 

C:\WINDOWS\winpc32.exe

C:\WINDOWS\system32\ftnhxlev.exe

C:\WINDOWS\system32\rdqeecjs.exe

C:\WINDOWS\system32\tkndxcng.exe

C:\WINDOWS\system32\ucmagmzo.exe

C:\WINDOWS\system32\eqokgljx.exe

C:\WINDOWS\system32\jwthamsj.exe

C:\WINDOWS\system32\uccvzzzk.exe

C:\WINDOWS\system32\atlun32.exe

C:\WINDOWS\system32\apptq32.exe

 

Restart once more and post a new Hijack this log.

Edited by RubbeR DuckY

Share this post


Link to post
Share on other sites

hijack this log

 

 

Logfile of HijackThis v1.97.2

Scan saved at 8:23:35 PM, on 8/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\netmh.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\winpc32.exe

C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ptnqz.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ptnqz.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ptnqz.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ptnqz.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ptnqz.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ptnqz.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {41B07E2C-E9E2-8FB3-E92D-F43E8F8F3DBB} - C:\WINDOWS\system32\appmq32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe

O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [system Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"

O4 - HKLM\..\RunOnce: [netmh.exe] C:\WINDOWS\netmh.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1078692612875

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10a0f1a80f609b...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/en/wowbeta/Si.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8049.9088078704

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...371/mcfscan.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab.ca/activex/PCAXSetup.cab?

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0