Forums » Up and Running » Security » Security Cleanup » browser redirect and sluggish startup; HT log added
randyw01

join:2004-11-05
Oakland, CA

reply to bcastner
Re: browser redirect and sluggish startup; HT log added

Combofix log:

ComboFix 08-04-26.5 - RandallW 2008-04-27 16:04:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.123 [GMT -7:00]
Running from: C:\Documents and Settings\RandallW\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RandallW\Desktop\CFscript.txt
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dllcache\spoolsv.exe
.
---- Previous Run -------
.
C:\Program Files\download plugin
C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\uninsticn.exe
C:\WINDOWS\system32\update.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GDIW2K
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

28980-04-03 02:41 . 28980-04-03 02:41 3,120 --a------ C:\WINDOWS\system32\JIPE1H35.ocx
28980-04-03 02:41 . 28980-04-03 02:41 3,120 --a------ C:\WINDOWS\QR40374O.ocx
28980-04-03 02:41 . 28980-04-03 02:41 3,120 --a------ C:\WINDOWS\O498NP3Q.ocx
28980-04-03 02:41 . 28980-04-03 02:41 3,120 --a------ C:\WINDOWS\6459SFL2.ocx
2008-04-26 16:02 . 2008-04-26 16:02 d-------- C:\Documents and Settings\RandallW\Application Data\Malwarebytes
2008-04-26 15:58 . 2008-04-26 15:59 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 15:58 . 2008-04-26 15:58 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-26 02:07 . 2008-04-26 16:51 d-------- C:\Program Files\EsetOnlineScanner
2008-04-24 23:48 . 2008-04-24 23:48 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 22:03 . 2008-04-24 22:04 1,509,099 --ahs---- C:\WINDOWS\system32\bliixwbb.ini
2008-04-24 21:59 . 2008-04-26 15:57 109,756 --a------ C:\WINDOWS\BM2bfe5c27.xml
2008-04-22 22:08 . 2008-04-22 22:08 d-------- C:\Documents and Settings\RandallW\Application Data\Grisoft
2008-04-22 21:34 . 2008-04-22 21:34 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 21:34 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-22 21:10 . 2008-04-22 21:10 d-------- C:\Program Files\Windows Defender
2008-04-22 15:59 . 2008-04-22 15:59 d-------- C:\Program Files\Trend Micro
2008-04-20 16:11 . 2008-04-20 16:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 16:11 . 2008-04-20 16:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 13:27 . 2001-08-17 22:36 94,720 --a------ C:\WINDOWS\system32\umaxud32.dll
2008-04-15 13:27 . 2001-08-17 22:36 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2008-04-15 13:27 . 2001-08-17 22:36 69,632 --a------ C:\WINDOWS\system32\umaxu12.dll
2008-04-15 13:27 . 2001-08-17 22:36 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2008-04-15 13:27 . 2001-08-17 22:36 50,688 --a------ C:\WINDOWS\system32\umaxscan.dll
2008-04-15 13:27 . 2001-08-17 22:36 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2008-04-15 13:27 . 2008-04-15 13:31 136 --a------ C:\WINDOWS\ppdrv.ini
2008-04-13 00:56 . 2008-04-13 01:02 d-------- C:\Program Files\Norton AntiVirus
2008-04-13 00:55 . 2008-04-13 00:57 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-13 00:55 . 2008-04-13 00:57 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-13 00:54 . 2008-04-21 10:03 d-------- C:\Program Files\Symantec
2008-04-11 15:30 . 2008-04-11 15:30 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-11 15:30 . 2008-04-11 15:30 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-11 15:30 . 2007-04-15 22:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8V.DLL
2008-04-11 15:29 . 2008-04-11 15:29 d--h----- C:\Program Files\CanonBJ
2008-03-30 17:17 . 2008-03-24 09:58 920,304 --a------ C:\WINDOWS\system32\WindowsXP-KB905519-x86-ENU.exe
2008-03-29 00:27 . 2008-03-24 09:58 920,304 --a------ C:\WINDOWS\WindowsXP-KB905519-x86-ENU.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 00:24 4,741 ----a-w C:\WINDOWS\compaq.reg
2008-04-27 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-27 04:48 --------- d-----w C:\Program Files\yEnc32
2008-04-27 03:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 06:51 --------- d-----w C:\Program Files\Lavasoft
2008-04-23 04:43 --------- d-----w C:\Program Files\DivX
2008-04-14 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-13 07:57 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-13 07:57 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-11 22:38 --------- d-----w C:\Program Files\Canon
2008-04-02 19:45 --------- d-----w C:\Program Files\Coupons
2008-03-22 02:49 --------- d-----w C:\Program Files\Replay Music
2008-03-22 02:45 --------- d-----w C:\Program Files\Math ActivityMaker-Primary
2008-03-22 02:43 --------- d-----w C:\Program Files\Math ActivityMaker- Skills
2008-03-22 02:43 --------- d-----w C:\Program Files\Math ActivityMaker- Fractions
2008-03-21 16:53 --------- d-----w C:\Program Files\Java
2008-03-16 00:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-10 03:14 635 ----a-w C:\jfsADi.exe
2008-03-07 04:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 04:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 04:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-06 08:36 635 ----a-w C:\QqBMmT.exe
2008-02-13 05:30 7,680 ----a-w C:\WINDOWS\fetchuserid.exe
2008-02-11 23:26 691,545 ----a-w C:\WINDOWS\unins000.exe
2006-07-10 02:09 0 ----a-w C:\Documents and Settings\RandallW\Application Data\internaldb41.dat
2004-05-09 06:55 4,571,136 ------w C:\Documents and Settings\GameSpot DLX Secure Delivery\chordtrainersetup.exe
2004-02-11 18:52 2,989,381 ------w C:\Documents and Settings\GameSpot DLX Secure Delivery\oaw2102.zip
2003-07-31 17:03 3,188 ----a-w C:\Program Files\dvdxcopy301.nfo
2003-01-12 01:52 457 ----a-w C:\Program Files\INSTALL.LOG
2004-06-17 03:58 56 --sha-r C:\WINDOWS\system32\5A50D87783.sys
2004-10-12 06:42 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-21 16:53 1,592,642 --sha-w C:\WINDOWS\system32\onnmp.bak1
2003-08-05 05:25 220 --sha-w C:\WINDOWS\system32\ss.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}]
2007-10-13 19:48 1909248 --a------ C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-13 01:00 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-13 19:48 1909248 --a------ C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C1EA-F165BB85A330}"= C:\PROGRA~1\mypoints\mypoints.dll [2007-10-13 19:48 1909248]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\PROGRA~1\mypoints\mypoints.dll [2007-10-13 19:48 1909248]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c1ea-f165bb85a330}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01 32768]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-07-26 05:21 705808]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-10 15:36 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-20 21:20 77824]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 15:43 98304]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 18:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-06 23:49 718704]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= Nuvision.ax
"VIDC.YV12"= vvlcodec.dll
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"MSVideo"= lvfwwdmt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^RandallW^Start Menu^Programs^Startup^KERclink.lnk]
backup=C:\WINDOWS\pss\KERclink.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashSurfers CashBar Navigator]
C:\PROGRA~1\CASHSU~1\Cashbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcwemMON]
--a------ 2007-03-29 18:22 61440 C:\WINDOWS\hcwemMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lforb]
--a------ 2006-07-09 19:06 127488 C:\WINDOWS\system32\prdyak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccPxySvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 03:43]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-09-29 09:36]
R1 tvtool;tvtool;C:\Program Files\TVTool 8 base\tvtool.sys [1996-04-03 11:33]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\System32\drivers\PGPsdk.sys [2005-07-27 14:23]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2003-09-29 09:37]
R3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2004-06-23 13:13]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-09-29 09:40]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-09-29 09:57]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-09-29 09:59]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 JumpShot;Lexar Media USB Compact Flash Driver;C:\WINDOWS\system32\DRIVERS\LEXAR2K.SYS [2001-10-19 14:57]
S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys [2000-07-16 11:52]
S3 SUNPLUS;SightCAM PC-100p;C:\WINDOWS\system32\Drivers\SPIXNEW.SYS []
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 22:20]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 22:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - "E:\Toaw-CW\opart CW.exe" autorun

.
Contents of the 'Scheduled Tasks' folder
"2008-04-28 00:00:00 C:\WINDOWS\Tasks\AA66FD7B91857723.job"
- c:\docume~1\randallw\applic~1\intern~1\Bike Team Anti.exe
"2008-04-27 23:27:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-13 08:11:39 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - RandallW.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-04-27 17:25:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\compaq\EASYAC~1\BttnServ.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2008-04-27 17:43:14 - machine was rebooted [RandallW]
ComboFix-quarantined-files.txt 2008-04-28 00:42:22

Pre-Run: 14,642,917,376 bytes free
Post-Run: 14,996,099,072 bytes free

242

=============================================

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:31 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: 192.168.1.81
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - »www.worldwinner.com/games/v46/sc···ubes.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - »www.worldwinner.com/games/v41/mi···ines.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - »support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - »www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - »www.worldwinner.com/games/v47/sk···lgam.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - »https://www.peoplepc.com/ppcos/ISP60/Dow···webi.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - »www.worldwinner.com/games/v46/sh···ader.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - »www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - »us.chat1.yimg.com/us.yimg.com/i/···scom.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - »www.worldwinner.com/games/v48/br···kout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - »www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - »www.worldwinner.com/games/v43/ji···gsaw.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - »www.symantec.com/techsupp/asa/ss···tlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - »www.symantec.com/techsupp/asa/ss···tlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - »www.worldwinner.com/games/v52/ww···arts.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - »www.worldwinner.com/games/v63/bj···/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - »www.worldwinner.com/games/v46/be···eled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - »www.worldwinner.com/games/v49/bl···werx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »www.update.microsoft.com/microso···79311687
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - »www.worldwinner.com/games/v41/fr···cell.cab
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - »ip.135mp3.com/135mp3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »www.update.microsoft.com/microso···79299890
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - »chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - »www.worldwinner.com/games/shared···unch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - »www.worldwinner.com/games/v46/wo···mojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - »www.worldwinner.com/games/v57/cu···ubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - »www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - »www.worldwinner.com/games/v49/lu···uxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - »www.worldwinner.com/games/v67/sw···apit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - »www.worldwinner.com/games/v41/ha···gman.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - »www.worldwinner.com/games/v42/ti···city.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - »www.worldwinner.com/games/v45/ro···oyal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - »download.mcafee.com/molbin/share···dmgr.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - »www.worldwinner.com/games/v50/di···dash.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - »www.worldwinner.com/games/v43/pa···aint.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - »www.live365.com/players/play365.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - »www.worldwinner.com/games/v47/fa···feud.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - »www.worldwinner.com/games/v44/go···fsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - »www.worldwinner.com/games/v47/ww···ades.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - »tools.ebayimg.com/eps/activex/EP···1-32.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14042 bytes
over 9 years online! © 1999-2008 dslreports.com.