A
Aaron Stephens
Here is my hijackthis log file. I have no clue what I
need to do. I've run adaware an removed the same files
several times in the last 5-6 hours. Spybot closes as
soon as it opens and I'm not sure what to do with this.
Logfile of HijackThis v1.98.2
Scan saved at 6:37:53 AM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_server.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\netlk32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\Active Setup Log.txt:xljwr
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
res://C:\WINDOWS\ohdir.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
res://C:\WINDOWS\ohdir.dll/sp.html#29836
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-
B4EF1D3FBA8B} - C:\WINDOWS\system32\sdksp32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKLM\..\Run: [mm_server] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program
Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common
Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1
\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [netlk32.exe] C:\WINDOWS\system32
\netlk32.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [xljwr] C:\WINDOWS\Active Setup
Log.txt:xljwr
O4 - HKLM\..\RunOnce: [kewjx] C:\WINDOWS\winnt.bmp:kewjx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -
cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program
Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NoAds] "C:\Program
Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI
Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program
Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI
Multimedia\MAIN\ATISched.EXE
O4 - Startup: hp psc 1000 series.lnk = ?
O4 - Startup: hpoddt01.exe.lnk = ?
O4 - Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Photo Loader supervisory.lnk = C:\Program
Files\CASIO\Photo Loader\Plauto.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk =
C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-
78752E50CD0C} - C:\Program Files\ATI
Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-
00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-
11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-
B7D41EF1CB52} - C:\Program
Files\AWS\WeatherBug\Weather.exe (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {11111111-1111-1111-1111-112226880975} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-112599009668} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-113778133518} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f10213.exe
O16 - DPF: {11111111-1111-1111-1111-113911964936} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115025177056} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f10213.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?
bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1c
f4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8
ec48e2e58a29296baabe1d6
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvS
niff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info
..apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-
3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) -
http://207.188.7.150/304d6c54739e43103902/netzip/RdxIE601.c
ab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls
/en/x86/client/wuweb_site.cab?1093371329031
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
(cpbrkpie Control) -
http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v312
3/cpbrkpie.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
http://wdownload.weatherbug.com/minibug/tricklers/AWS/minib
uginstaller.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin
/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
(QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{817C7DBC-7FDC-
4752-957B-4B755B96D709}: NameServer =
141.165.1.10,141.165.1.9
need to do. I've run adaware an removed the same files
several times in the last 5-6 hours. Spybot closes as
soon as it opens and I'm not sure what to do with this.
Logfile of HijackThis v1.98.2
Scan saved at 6:37:53 AM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_server.exe
C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\netlk32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\Active Setup Log.txt:xljwr
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = res://C:\WINDOWS\ohdir.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
res://C:\WINDOWS\ohdir.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
res://C:\WINDOWS\ohdir.dll/sp.html#29836
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FD7786C4-36BE-9F97-70B6-
B4EF1D3FBA8B} - C:\WINDOWS\system32\sdksp32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-
009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKLM\..\Run: [mm_server] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program
Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common
Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1
\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program
Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [netlk32.exe] C:\WINDOWS\system32
\netlk32.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [xljwr] C:\WINDOWS\Active Setup
Log.txt:xljwr
O4 - HKLM\..\RunOnce: [kewjx] C:\WINDOWS\winnt.bmp:kewjx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -
cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program
Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NoAds] "C:\Program
Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI
Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program
Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI
Multimedia\MAIN\ATISched.EXE
O4 - Startup: hp psc 1000 series.lnk = ?
O4 - Startup: hpoddt01.exe.lnk = ?
O4 - Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Photo Loader supervisory.lnk = C:\Program
Files\CASIO\Photo Loader\Plauto.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk =
C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-
78752E50CD0C} - C:\Program Files\ATI
Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-
00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-
11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-
B7D41EF1CB52} - C:\Program
Files\AWS\WeatherBug\Weather.exe (HKCU)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {11111111-1111-1111-1111-112226880975} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-112599009668} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-113778133518} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f10213.exe
O16 - DPF: {11111111-1111-1111-1111-113911964936} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f22776.exe
O16 - DPF: {11111111-1111-1111-1111-115025177056} -
mhtml:file://C:NO_SUCH_MHT.MHT!
http://www.008k.com/partner/inst/f10213.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?
bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1c
f4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8
ec48e2e58a29296baabe1d6
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvS
niff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info
..apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-
3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) -
http://207.188.7.150/304d6c54739e43103902/netzip/RdxIE601.c
ab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls
/en/x86/client/wuweb_site.cab?1093371329031
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
(cpbrkpie Control) -
http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v312
3/cpbrkpie.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
http://wdownload.weatherbug.com/minibug/tricklers/AWS/minib
uginstaller.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin
/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D}
(QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
O17 - HKLM\System\CCS\Services\Tcpip\..\{817C7DBC-7FDC-
4752-957B-4B755B96D709}: NameServer =
141.165.1.10,141.165.1.9