walleyeguy7

  1. Thank you, here's the text:

     Username "Owner" - 12/28/2007 17:49:55 [Fixwareout edited 9/01/2007]

     ~~~~~ Prerun check
     HKLM\SOFTWARE\~\Winlogon\ "System"="kdwed.exe"
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
     "nameserver"="85.255.115.42 85.255.112.170" <Value cleared.
     HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A1C06C7-7986-4640-80F4-FFEE241B8BF6}
     "nameserver"="85.255.115.42,85.255.112.170" <Value cleared.
     HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4D9AF1D5-58A2-4F33-B98C-E163C3AC5C83}
     "nameserver"="85.255.115.42,85.255.112.170" <Value cleared.
     HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F46B6BF2-1260-40A1-A2DF-8C32159B03CC}
     "nameserver"="85.255.115.42,85.255.112.170" <Value cleared.
     HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0A89AF12-67AB-45B0-856D-C166FC75D94D}
     "DhcpNameServer"="85.255.115.42,85.255.112.170" <Value cleared.
     HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F46B6BF2-1260-40A1-A2DF-8C32159B03CC}
     "DhcpNameServer"="85.255.115.42,85.255.112.170" <Value cleared.

     Successfully flushed the DNS Resolver Cache.

     System was rebooted successfully.

     ~~~~~ Postrun check
     HKLM\SOFTWARE\~\Winlogon\ "system"=""
     ....
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "xllsc" Value deleted
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "ufasc" Value deleted
     HKCR\CLSID\{B8C5F29F-CBE1-481B-88FC-A13D910CF660}\_h\4 Deleted.
     HKCR\CLSID\{D880F750-1552-4994-95B0-7F53EEB6A523}\_h\4 Deleted.
     ....
     ~~~~~ Misc files.
     C:\Documents and Settings\Owner\Application Data\kc.tmp Deleted
     C:\WINDOWS\BALLOON.WAV Deleted
     C:\WINDOWS\RDT.INI Deleted
     C:\WINDOWS\System32\kilacln.exe Deleted
     C:\Documents and Settings\Owner\Start Menu\Programs\VideoAccess Deleted
     ....
     ~~~~~ Checking for older varients.
     ....
     ~~~~~ Current runs (hklm hkcu "run" Keys Only)
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IESet"="IExplorer.dll .dbt"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
     "MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"
     "BoundRec"="mozilla-text.exe"
     "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
     "main"="C:\\WINDOWS\\System32\\drivers\\win32.exe"
     "default"="C:\\Documents and Settings\\LocalService\\desktop.exe"
     "IESet"="IExplorer.dll .dbt"
     ....
     Hosts file was reset, If you use a custom hosts file please replace it...
     ~~~~~ End report ~~~~~
  2. Help please, IE pop-ups are keylogging me and then feeding me pop-ups about what I typed, and my PC has slowed considerably. I can't get rid of it with Spy Sweeper, Kaspersky, Spybot, AVG, or Ad-Aware. I have manually cleaned out several program files that turned out to be spyware, such as 'command', but newer ones seem to keep bugging me. Yahooo is the most recent, although false spyware removal programs and internet speed monitor were the most prominent. My running processes are sometimes odd, such as displaying 2-5 'explorer.exe'. Can someone help me?
  3. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 4:02:42 PM, on 12/26/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
     C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
     C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
     C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Messenger\Msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
     C:\Program Files\WinZip\WZQKPICK.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\explorer.exe
     C:\WINDOWS\system32\svcd\svchost.exe
     C:\WINDOWS\system32\TmpX.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
     R3 - URLSearchHook: (no name) - {B4513A02-2947-FD3C-2BB9-152DE9828D74} - ABCXYZ.dll (file missing)
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O1 - Hosts: localhost 127.0.0.1
     O2 - BHO: Installer Class - {009506E8-8CAD-4CA9-81D4-D815E7E4330A} - (no file)
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {07006EB1-8AC0-4db0-8604-3207326205D9} - C:\WINDOWS\system32\mabad.dll
     O2 - BHO: 0 - {17089170-13E6-49F8-73A5-49D27840A739} - C:\Program Files\ComPlus Applications\rykiwuqig94.dll (file missing)
     O2 - BHO: (no name) - {1E01A9A5-7773-469F-A1AE-E8B79EE60B22} - C:\Program Files\Outlook Express\nixydep83122.dll (file missing)
     O2 - BHO: (no name) - {1E6188F0-14D9-4898-98B8-FB4282B16A15} - C:\Program Files\Outlook Express\nixydep4444.dll (file missing)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: {96d2e3f6-8974-4c98-3764-23b047b2c199} - {991c2b74-0b32-4673-89c4-47986f3e2d69} - C:\WINDOWS\system32\iavtbajs.dll (file missing)
     O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wdjeuode.dll (file missing)
     O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\nnnnllk.dll (file missing)
     O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll (file missing)
     O2 - BHO: (no name) - {D05B775A-85AB-432D-BC82-CD93FD5EAD2A} - C:\WINDOWS\system32\geeba.dll (file missing)
     O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\system32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll (file missing)
     O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wdjeuode.dll (file missing)
     O4 - HKLM\..\Run: [iESet] IExplorer.dll .dbt
     O4 - HKLM\..\RunServices: [iESet] IExplorer.dll .dbt
     O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
     O4 - HKCU\..\Run: [boundRec] mozilla-text.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [iESet] IExplorer.dll .dbt
     O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\win32.exe
     O4 - HKCU\..\Run: [default] C:\Documents and Settings\LocalService\desktop.exe
     O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\win32.exe
     O4 - HKCU\..\RunOnce: [ati] C:\Documents and Settings\LocalService\desktop.exe
     O4 - HKUS\S-1-5-18\..\Run: [iESet] IExplorer.dll .dbt (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [iESet] IExplorer.dll .dbt (User 'Default user')
     O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
     O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCYYYYYYYYUS
     O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
     O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
     O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
     O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C06C7-7986-4640-80F4-FFEE241B8BF6}: NameServer = 85.255.115.42,85.255.112.170
     O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9AF1D5-58A2-4F33-B98C-E163C3AC5C83}: NameServer = 85.255.115.42,85.255.112.170
     O17 - HKLM\System\CCS\Services\Tcpip\..\{F46B6BF2-1260-40A1-A2DF-8C32159B03CC}: NameServer = 85.255.115.42,85.255.112.170
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170
     O20 - AppInit_DLLs: bbbnnija.dll
     O20 - Winlogon Notify: nnnnllk - nnnnllk.dll (file missing)
     O20 - Winlogon Notify: wdjeuode - wdjeuode.dll (file missing)
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vbwdliii.exe (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Security Service (MLQE) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
     O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
     O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
     O24 - Desktop Component 0: (no name) - http://www.runescape.com/img/title/wrslogo.gif

     --
     End of file - 8724 bytes

     Ad-Aware (400-some entries, so I only copied this section):

     Cleaned Infections
     ===========================
     Root: HKLM Path: software\clickspring, Belonging to ClickSpring
     File: C:\Documents and Settings\Owner\Local Settings\Temp\cmdinst.exe, Belonging to CmdServices
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1016\A0197148.dll, Belonging to CmdServices
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP996\A0193841.EXE, Belonging to CmdServices
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1016\A0197143.dll, Belonging to Win32.TrojanClicker
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1016\A0197265.exe, Belonging to Hacktool.Netmon
     Root: HKLM Path: software\ugcw, Belonging to AntivirusPCSuite
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP994\A0193762.exe, Belonging to AntivirusPCSuite
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP994\A0193768.old, Belonging to AntivirusPCSuite
     File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP994\A0193770.old, Belonging to AntivirusPCSuite
     Folder: c:\UGA6P, Belonging to AntivirusPCSuite
     End of Cleaned Infections
     ===========================