Well as controversial as it is, here is the log file:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Annex Six\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.aurafice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.aurafice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer
N4 - Mozilla: user_pref("browser.startup.homepage",
"
http://www.aurafice.com"); (C:\Documents and Settings\Annex
Six\Application Data\Mozilla\Profiles\default\kjpofp8x.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\Annex Six\Application
Data\Mozilla\Profiles\default\kjpofp8x.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector -
{1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Cleaning Tools\IE Privacy
Keeper\IEPKbho.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [imjpmig]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload
O4 - HKLM\..\Run: [ICQ Net]
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -stealth
O4 - HKLM\..\Run: [DateCheck]
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe /RemAdvDef /AIMEREG
/Migration /SetPreload
O4 - HKLM\..\Run: [ADUserMon] C:\Program
Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton
SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [CafeAgent] C:\WINDOWS\System32\CafeAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton
SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A}
/MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program
Files\America Online 9.0\aoltray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk =
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} -
(no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no file)
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape
Browser\PLUGINS\npTrident.dll
O16 - DPF: HushEncryptionEngine -
https://mailserver2.hushmail.com/hushmail/HushEncryptionEngine.cab
O16 - DPF: {130AC32C-DE0D-43EF-AD82-2599E9F95153} (XEng001.XEng001Ctl)
-
http://iii.tv/pink/001/XEng001.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://smtp.cfr.org/iNotes.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
-
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download
Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class)
-
http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/067b8c2e835391b29422/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120073847916
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644}
(AtlAtomadersCtlAttrib Class) -
http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67085ECE-F45C-482A-B47B-30B5214EA18E} (AtlFlip Class) -
http://www.flipviewer.com/exe/fvlite.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) -
http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client
Control (redist)) -
http://talonnw.com/ts/ts1/msrdp.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) -
http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) -
http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime
Environment 1.4.1_02) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) -
http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj
Class) -
http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -
http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) -
http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service
Client) -
http://ccon.madonion.com/global/msc.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{33ADE650-5DF5-409B-AADE-1EA09EB3810E}:
NameServer = 64.65.128.6,66.213.224.2
O17 -
HKLM\System\CCS\Services\Tcpip\..\{824A9F86-FD77-4C65-910C-F10EAF319832}:
NameServer = 64.65.128.6,66.213.224.2
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D877B556-6FC7-47E2-94DA-4B2A193C1C1C}:
NameServer = 216.231.41.22,216.231.41.2
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D96BE51B-86B2-4B7B-9103-04C01CF341B2}:
Domain = aurafice
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D96BE51B-86B2-4B7B-9103-04C01CF341B2}:
NameServer = 64.65.128.6,66.213.224.2
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,
Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) -
Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe