Home Page

[Guest]

For a while now Ive been trying to change my home page but every time I log on it goes to the home page which i`ve never selected

I keep getting riviera.cc/ which changes to http://search-town.net

I have tried going to tools, internet options but when I restart the computer its bac

can anyone hel

 

[Lawrence]

Download a program called " hijackthis" it will keep your home page from
being changed.

For a while now Ive been trying to change my home page but every time I

log on it goes to the home page which i`ve never selected.

 

[Will Denny]

Hi

Try all of the following programs to see if there is any spyware on your
system:

Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.spywareinfo.com/~merijn/downloads.html

--

Will Denny
MS-MVP Windows - Shell/User


| For a while now Ive been trying to change my home page but every time I
log on it goes to the home page which i`ve never selected.
|
| I keep getting riviera.cc/ which changes to http://search-town.net/
|
| I have tried going to tools, internet options but when I restart the
computer its back
|
| can anyone help
|
|

 

[Shenan Stanley]

For a while now Ive been trying to change my home page but every time
I log on it goes to the home page which i`ve never selected.

I keep getting riviera.cc/ which changes to http://search-town.net/

I have tried going to tools, internet options but when I restart the
computer its back

can anyone help

Please Notice that if you use AOL, you should at least upgrade to 9.0 or
greater before doing any of the fixes. I know you can get AOL 9.0 at almost
any convenience store, gas station, super market or other retail outlet in
the world, so this should not be a problem. Also, if you are using AOL 9.0,
you will not be able to perform the first step in this list. You should
look into another solution, such as ZoneAlarm, for a firewall.


Turn on that firewall...
http://www.microsoft.com/WindowsXP/home/using/howto/homenet/icf.asp


Make sure you have all the updates (critical) installed from:
http://windowsupdate.microsoft.com/
(Scan for updates, Review and Install)


Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these..
I recommend at least the first three. Also..
UPDATE the definitions for them before using.)

Spybot Search and Destroy
http://www.safer-networking.net/

Lavasoft AdAware
http://www.lavasoft.de

CWSShredder
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This!
http://mjc1.com/mirror/hjt/

I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
- http://www.moosoft.com/
- http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. SpywareBlaster is a FANTASTIC free product, I
suggest getting this after you cleanup and keeping it updated as well.

Bazooka Adware and Spyware Scanner (Free!)
http://kephyr.sureshot.xaviermedia.net/spywarescanner/

ToolbarCop (Free!)
http://www.mvps.org/sramesh2k/toolbarcop.htm

Browser Security Tests
http://www.jasons-toolbox.com/BrowserSecurity/

And Assortment of Others:
http://spywareinfo.com/

ALSO - Be sure to IMMUNIZE after you clean up. SpywareBlaster and Spybot
Search and destroy both have these features - use both!


After you cleanup your PC somewhat of spy/ad/mal-ware, verify your antivirus
software is updated and run a full scan of your computer. If you have no
antivirus software - get one NOW! Grisoft AntiVirus:
http://www.grisoft.com/us/us_dwnl_free.php


Empty your Temporary Internet Files and shrink the size it stores to about
80 to 120MB (seems to be an optimal size for the normal user)

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section,
do the following:
- Click on "Delete Cookies" (click OK)
- Click on "Settings" and change the
"Amount of disk space to use:" to something between 80MB
and 120MB. (Betting it is MUCH larger right now.)
- Click OK.
- Click on "Delete Files" and select to
"Delete all offline contents" (the checkbox) and click
OK. (If you had a LOT, this could take 2-10 minutes or
more.)
- Once it is done, click OK, close Internet Explorer
- Re-open Internet Explorer.


Uninstall any software you do not use often/ever. (If you have something
installed but never use it, uninstall it.) If you go through Control
Panel -> Add/Remove Programs and see things you seldom if ever use, it is to
your advantage to remove it.


Also, if you are tired of Web Page Pop-Ups/Unders.. You could try the
Google Toolbar.
http://toolbar.google.com/


Stop loading applications at logon.. run MSCONFIG and look under the startup
tab for things you DON'T want to startup! Search the Internet with Google
to discover what things are safe to remove and what things may even be
malware infecting your computer.


Better control your email and lessen the amount of time you spend dealing
with SPAM:
SpamBayes
http://spambayes.sourceforge.net/
or
Spamihilator.
http://www.spamihilator.com

 

[Guest]

Hi
I have download hijack and done the scan. the warning given before deleting and to consult knowledgable folk

just Like to add before pasting the log is that my computer has a few problems all occurring at the same time

1) home page (riviera.cc changing to search-town .ne
2) on log in generic host process for win 32 service
3) no soun
4) can not get into media playe
5) trojan virus which has been detected and cleared by norton

I know if you delete certain things they can effect other so Im asking the experts

thanks

lo

Running processes
C:\WINDOWS\System32\smss.ex
C:\WINDOWS\system32\winlogon.ex
C:\WINDOWS\system32\services.ex
C:\WINDOWS\system32\lsass.ex
C:\WINDOWS\system32\svchost.ex
C:\WINDOWS\system32\spoolsv.ex
C:\Program Files\Norton AntiVirus\navapsvc.ex
C:\WINDOWS\System32\nvsvc32.ex
C:\WINDOWS\System32\svchost.ex
C:\WINDOWS\Explorer.EX
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.ex
C:\PROGRA~1\NORTON~1\navapw32.ex
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.ex
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.ex
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.ex
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.ex
C:\WINDOWS\System32\svchost.ex
C:\Program Files\Internet Explorer\iexplore.ex
C:\Documents and Settings\Danny\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.ex

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://opti.riviera.cc (obfuscated
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://opti.riviera.cc (obfuscated
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://riviera.cc (obfuscated
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://opti.riviera.cc (obfuscated
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://riviera.cc (obfuscated
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://opti.riviera.cc (obfuscated
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://opti.riviera.cc (obfuscated
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://opti.riviera.cc (obfuscated
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated
O2 - BHO: (no name) - {055D7684-71E2-48B7-8E13-29BCC5CA14F6} - C:\WINDOWS\system32\ckyic.dl
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.oc
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dl
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dl
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dl
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.oc
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.ex
O4 - HKLM\..\Run: [sys] regedit -s sysdll.re
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /ico
O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /instal
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartu
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.ex
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.ex
O4 - HKLM\..\Run: [Microsoft Tray] A:\games.ex
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.ex
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.ex
O4 - Global Startup: hpoddt01.exe.lnk =
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Medion-UK (HKCU)
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab
O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://www.ultimxxx.net/exefiles/021941.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1083784029620
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {6A5BC405-BF00-11D4-8F33-00B0D0659D9F} (IGIndexDealing.CTRL) - http://www.igindex.co.uk/client/Dealer/progs/IGDealing.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37578.2270023148
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{430B6A21-FEB8-41F9-864D-932EFB4EFC9C}: NameServer = 194.72.9.55 194.74.65.85

 

[Shenan Stanley]

I have download hijack and done the scan. the warning given before
deleting and to consult knowledgeable folk.

just Like to add before pasting the log is that my computer has a few
problems all occurring at the same time.

1) home page (riviera.cc changing to search-town .net
2) on log in generic host process for win 32 services
3) no sound
4) can not get into media player
5) trojan virus which has been detected and cleared by norton.

I know if you delete certain things they can effect other so Im
asking the experts.

thanks.

log

<SNIP>

Although I could suggest a few things here, I have to insist you go to the
REAL experts on HijackThis logs:
http://www.spywareinfo.com/forums/index.php?s=76c4002eb91668389e4dd00877a2ced5&showforum=7
(shorter link: http://snipurl.com/69ib )

If you post it there, someone is sure to help you. My bet is they will have
a few things to say about Grokster.. And Yahoo.. And possibly
SmileyCentral..

I am not refusing to help you - just sending you somewhere with exclusive
experience on this type of thing. =)
(And who knows - I might be the one to help you there!)

 

[Guest]

thanks, and see you there

 

[Guest]

I am now a member of that site and my login is Hsd. no replies as ye

Shenan I need your help.

 

[Lawrence]

I believe if I were in your shoes, I would run spy-bot and check mark all
the errors ad ware and spyware that it finds and remove ALL of them. .

Hi
I have download hijack and done the scan. the warning given before

deleting and to consult knowledgable folk.

just Like to add before pasting the log is that my computer has a few

problems all occurring at the same time.

1) home page (riviera.cc changing to search-town .net
2) on log in generic host process for win 32 services
3) no sound
4) can not get into media player
5) trojan virus which has been detected and cleared by norton.

I know if you delete certain things they can effect other so Im asking the experts.

thanks.

log


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Danny\Local Settings\Temp\Temporary Directory 2

for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://opti.riviera.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://opti.riviera.cc (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://riviera.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://opti.riviera.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://riviera.cc (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://opti.riviera.cc (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://opti.riviera.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://opti.riviera.cc (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =

http://riviera.cc (obfuscated)

O2 - BHO: (no name) - {055D7684-71E2-48B7-8E13-29BCC5CA14F6} - C:\WINDOWS\system32\ckyic.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program

Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Tray] A:\games.exe
O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program

Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Medion-UK (HKCU)
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab
O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://www.ultimxxx.net/exefiles/021941.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX

Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor

Class) -
http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1083784029620

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products

Installer Start) -
http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe

O16 - DPF: {6A5BC405-BF00-11D4-8F33-00B0D0659D9F} (IGIndexDealing.CTRL) - http://www.igindex.co.uk/client/Dealer/progs/IGDealing.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37578.2270023148
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -
https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{430B6A21-FEB8-41F9-864D-932EFB4EFC9C}:
NameServer = 194.72.9.55 194.74.65.85