Voyageman
02-10-2005, 06:07 PM
I have read prior posts, run (one at a time) adaware, spy sweeper, msft antispyware, spyware doctor, spybot search and destroy, etrust patrol; I have deleted internet temp files, etc. and emptied the bin. I have run HijackThis with results shown below. How does it look? Is there more I need to delete manually? Many thanks.
_______________________________________-
Logfile of HijackThis v1.99.0
Scan saved at 02:21:10, on 02/11/05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Boingo\WENGINE\wmonitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\Norton\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\ggviewer67-15.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\My Downloads\Compupic\ScsiAccess.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Say the Time\SayTime.exe
C:\Program Files\Say the Time\SayTime.exe
C:\My Downloads\Clockx\ClocX\ClocX.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\My Downloads\Zone alarm\ZoneAlarm\zlclient.exe
C:\My Downloads\PaperPort\pptd40nt.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\My Downloads\Win Speed Up my PC\speedupmypc.exe
C:\My Downloads\File-Ex 3\FileEx.exe
C:\Documents and Settings\Master\Start Menu\Programs\Startup\KnockOut.exe
C:\Program Files\Norton\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\My Downloads\Avant\Avant Browser\avant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Downloads\WinTasks 4\wintasks.exe
C:\PROGRA~1\Norton\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\AVD\Downloads\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKLM\..\Run: [ClocX] C:\My Downloads\Clockx\ClocX\ClocX.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\My Downloads\Zone alarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\My Downloads\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitexlx32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ClipCache] C:\My Downloads\Clip Cache\ClipCache\clipc.exe /wait 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FastLauncher] C:\My Downloads\Fast Launcher\fl.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: File-Ex.lnk = C:\My Downloads\File-Ex 3\FileEx.exe
O4 - Startup: KnockOut.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: QuickRun.lnk = C:\My Downloads\Quick Run\QuickRun.exe
O4 - Startup: TLight.exe.lnk = C:\My Downloads\Dovico\Trackit\TLight.exe
O4 - Startup: X1 System Tray.lnk = C:\My Downloads\x1\X1Systray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\My Downloads\Win Speed Up my PC\speedupmypc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: Add To Net Snippets - C:\MYDOWN~1\NETSNI~2\Res\Clipper.htm
O8 - Extra context menu item: Capture &Image to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Page to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture &Target to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Selected Items to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site Snippet to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: File and Save Picture with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#108
O8 - Extra context menu item: File and Save Selection with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#109
O8 - Extra context menu item: File and Save Target with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#107
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Furl It - http://www.furl.net/resources/rightClick.jsp
O8 - Extra context menu item: Note Link Address with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#110
O8 - Extra context menu item: Open All Links in This Page... - C:\My Downloads\Avant\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Master\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\default.kmq\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save image with M&ybase - C:\My Downloads\My Base\WebCollect\imagesave.htm
O8 - Extra context menu item: Save Page Area (Frame) with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#102
O8 - Extra context menu item: Save Picture with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#101
O8 - Extra context menu item: Save Selected Targets with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#111
O8 - Extra context menu item: Save Selection with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#104
O8 - Extra context menu item: Save Target with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#103
O8 - Extra context menu item: Save to &KBase... - file:C:\My Downloads\NetXtract\SaveToKBmenu.dll
O8 - Extra context menu item: Save with &Mybase - C:\My Downloads\My Base\WebCollect\websave.htm
O8 - Extra context menu item: Save with Internet Research Scout - C:\My Downloads\Internet Research Scout\Internet Research Scout\nnotes.html
O8 - Extra context menu item: Search - C:\My Downloads\Avant\Avant Browser\Search.htm
O8 - Extra context menu item: SurfSaver 6 QuickSave - C:\My Downloads\Surfsaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver 6 Save... - C:\My Downloads\Surfsaver\add.htm
O8 - Extra context menu item: Track Target Using Copernic Tracker - C:\My Downloads\Copernic Tracker\Web\TrackTargetExt.htm
O8 - Extra context menu item: Track Using Copernic Tracker - C:\My Downloads\Copernic Tracker\Web\TrackCurrentExt.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\default.kmq\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Track Page - {0CFE98C9-A0F8-4E6E-94D7-C8F9157B0A43} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O9 - Extra button: (no name) - {12200C1F-1E6B-4F57-8222-2811B123688C} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O9 - Extra 'Tools' menuitem: Track Page Using Copernic Tracker - {12200C1F-1E6B-4F57-8222-2811B123688C} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: [LWA] Load - {1893CACF-6450-473A-8825-1C21D55745A2} - C:\My Downloads\Local WebSite\Local Website Archive\wsarc.exe
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: netXtract® - {1FB62888-D13A-11d3-AF5D-00C0DF647817} - C:\My Downloads\NetXtract\iBrowser.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)
O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)
O9 - Extra button: Flash Movie Extractor Scout - {3A68BB9F-E215-488F-B661-B9E965B76D50} - C:\My Downloads\Flash extractor\Flash Movie Extractor Scout\flashextract.exe
O9 - Extra button: Notes Pilot - {5BC69A50-0C33-4106-B44B-0DAC5F8E23E5} - C:\My Downloads\Notes Pilot\notes.exe (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\MYDOWN~1\NETSNI~2\NetSnip.dll
O9 - Extra button: Subscribe in NewsGator - {82B02F23-47B5-4e6c-8A75-8E0527D73989} - C:\My Downloads\Newsgator\NGIEExt.dll
O9 - Extra button: SurfSaver 6 - {91D4580B-DB35-416E-BA9E-994BBADC7177} - C:\My Downloads\Surfsaver\SurfSaverBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Research Scout - {A44D54CC-90DA-45E7-A8D2-34404253531A} - C:\MYDOWN~1\INTERN~1\INTERN~1\nnotes.dll
O9 - Extra button: Entradas Cine - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mrc-cine-entradas3\local.htm (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Picasa\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Picasa\Hello\PicasaCapture.dll
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\my downloads\lotus\organize\bandobjs.dll
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\My Downloads\PDF Typewriter\PDFtypewriterie.exe (file missing)
O9 - Extra button: Locate - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\My Downloads\Visualwhois\srstools.dll
O9 - Extra 'Tools' menuitem: Locate Using Visual WhoIs 2004 - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\My Downloads\Visualwhois\srstools.dll
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\My Downloads\Newzcrawler\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\My Downloads\Newzcrawler\NewzCrawler\News.exe
O9 - Extra button: [LWA] Add - {DA356B42-149C-47A4-91D1-8A734A70C33B} - C:\My Downloads\Local WebSite\Local Website Archive\wsarc_add.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FC4F8941-BB5B-45c1-857C-E5B32157D00B} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra 'Tools' menuitem: Web Eyes &Page Control - {FC4F8941-BB5B-45c1-857C-E5B32157D00B} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra button: (no name) - {FD67E839-BCC2-4487-88DF-FB54C083CB14} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra 'Tools' menuitem: Web &Eyes Reader - {FD67E839-BCC2-4487-88DF-FB54C083CB14} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra button: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\My Downloads\LinkStash\LinkStash\lsshow.exe (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\My Downloads\LinkStash\LinkStash\lsshow.exe (HKCU)
O9 - Extra button: Grab URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\My Downloads\LinkStash\LinkStash\lsgrab.exe (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash GrabURLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\My Downloads\LinkStash\LinkStash\lsgrab.exe (HKCU)
O9 - Extra button: Save with Mybase/WebCollect - {B32D4F40-124C-4be4-9EED-456712C053B5} - C:\My Downloads\My Base\WebCollect\websave.htm (HKCU)
O9 - Extra 'Tools' menuitem: Save with Mybase/WebCollect - {B32D4F40-124C-4be4-9EED-456712C053B5} - C:\My Downloads\My Base\WebCollect\websave.htm (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Proyec - http://www.expansiondirecto.com/pdf/RMDActiveX.cab
O16 - DPF: RMDActiveX - http://www.expansiondirecto.com/pdf/RMDActiveX.cab
O16 - DPF: WebControlDeploy - https://grouper.com/v1/Resolver.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven.net/client/mavenInstaller.cab
O16 - DPF: {2517F764-6F60-4ADD-8FCF-137E5B220FF6} - http://advnt01.com/dialer/emsat_ver4.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/122b2c8290165e819621/netzip/RdxIE601.cab
O16 - DPF: {5AA1A8E3-FD88-488A-95EB-944D938136AF} (VerMDDE.clsVerMDDE) - https://sce.ctt.pt/VerMDDE.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/reader/live/Disk1/isetupml.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\My Downloads\Surfsaver\AS6_AIPP.dll
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - C:\MYDOWN~1\COPERN~2\COPERN~2.DLL
O18 - Protocol: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Boingo Monitor Service - Boingo Wireless, Inc. - C:\Program Files\Boingo\WENGINE\wmonitor.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: GoToMyPC - Citrix Online - C:\My Downloads\Citrix\GoToMyPC\g2svc.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\Norton\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown - C:\My Downloads\Compupic\ScsiAccess.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\My Downloads\Tune Up\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
_______________________________________-
Logfile of HijackThis v1.99.0
Scan saved at 02:21:10, on 02/11/05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Boingo\WENGINE\wmonitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\Norton\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\ggviewer67-15.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\My Downloads\Compupic\ScsiAccess.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\kmw_run.exe
C:\Program Files\Say the Time\SayTime.exe
C:\Program Files\Say the Time\SayTime.exe
C:\My Downloads\Clockx\ClocX\ClocX.exe
C:\WINDOWS\System32\KMW_SHOW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\My Downloads\Zone alarm\ZoneAlarm\zlclient.exe
C:\My Downloads\PaperPort\pptd40nt.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\My Downloads\Win Speed Up my PC\speedupmypc.exe
C:\My Downloads\File-Ex 3\FileEx.exe
C:\Documents and Settings\Master\Start Menu\Programs\Startup\KnockOut.exe
C:\Program Files\Norton\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\My Downloads\Avant\Avant Browser\avant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Downloads\WinTasks 4\wintasks.exe
C:\PROGRA~1\Norton\NORTON~1\NORTON~2\SPEEDD~1\NOPD B.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\AVD\Downloads\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKLM\..\Run: [ClocX] C:\My Downloads\Clockx\ClocX\ClocX.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\My Downloads\Zone alarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\My Downloads\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2 a.exe" /runonce
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitexlx32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ClipCache] C:\My Downloads\Clip Cache\ClipCache\clipc.exe /wait 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FastLauncher] C:\My Downloads\Fast Launcher\fl.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: File-Ex.lnk = C:\My Downloads\File-Ex 3\FileEx.exe
O4 - Startup: KnockOut.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: QuickRun.lnk = C:\My Downloads\Quick Run\QuickRun.exe
O4 - Startup: TLight.exe.lnk = C:\My Downloads\Dovico\Trackit\TLight.exe
O4 - Startup: X1 System Tray.lnk = C:\My Downloads\x1\X1Systray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\My Downloads\Win Speed Up my PC\speedupmypc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: Add To Net Snippets - C:\MYDOWN~1\NETSNI~2\Res\Clipper.htm
O8 - Extra context menu item: Capture &Image to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Page to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture &Target to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Selected Items to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site Snippet to Onfolio... - res://C:\My Downloads\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: File and Save Picture with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#108
O8 - Extra context menu item: File and Save Selection with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#109
O8 - Extra context menu item: File and Save Target with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#107
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Furl It - http://www.furl.net/resources/rightClick.jsp
O8 - Extra context menu item: Note Link Address with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#110
O8 - Extra context menu item: Open All Links in This Page... - C:\My Downloads\Avant\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In &New Window - C:\Documents and Settings\Master\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\default.kmq\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save image with M&ybase - C:\My Downloads\My Base\WebCollect\imagesave.htm
O8 - Extra context menu item: Save Page Area (Frame) with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#102
O8 - Extra context menu item: Save Picture with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#101
O8 - Extra context menu item: Save Selected Targets with ContentSaver... - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#111
O8 - Extra context menu item: Save Selection with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#104
O8 - Extra context menu item: Save Target with ContentSaver - res://C:\PROGRA~1\CONTEN~1\csshell.dll/#103
O8 - Extra context menu item: Save to &KBase... - file:C:\My Downloads\NetXtract\SaveToKBmenu.dll
O8 - Extra context menu item: Save with &Mybase - C:\My Downloads\My Base\WebCollect\websave.htm
O8 - Extra context menu item: Save with Internet Research Scout - C:\My Downloads\Internet Research Scout\Internet Research Scout\nnotes.html
O8 - Extra context menu item: Search - C:\My Downloads\Avant\Avant Browser\Search.htm
O8 - Extra context menu item: SurfSaver 6 QuickSave - C:\My Downloads\Surfsaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver 6 Save... - C:\My Downloads\Surfsaver\add.htm
O8 - Extra context menu item: Track Target Using Copernic Tracker - C:\My Downloads\Copernic Tracker\Web\TrackTargetExt.htm
O8 - Extra context menu item: Track Using Copernic Tracker - C:\My Downloads\Copernic Tracker\Web\TrackCurrentExt.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\default.kmq\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Track Page - {0CFE98C9-A0F8-4E6E-94D7-C8F9157B0A43} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O9 - Extra button: (no name) - {12200C1F-1E6B-4F57-8222-2811B123688C} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O9 - Extra 'Tools' menuitem: Track Page Using Copernic Tracker - {12200C1F-1E6B-4F57-8222-2811B123688C} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: [LWA] Load - {1893CACF-6450-473A-8825-1C21D55745A2} - C:\My Downloads\Local WebSite\Local Website Archive\wsarc.exe
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: netXtract® - {1FB62888-D13A-11d3-AF5D-00C0DF647817} - C:\My Downloads\NetXtract\iBrowser.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Onfolio Capture... - {2fc2f9a4-c43e-42c0-9490-19d6be8b1726} - mscoree.dll (file missing)
O9 - Extra button: Onfolio - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Onfolio Collection Explorer - {30e2a68b-20f5-419d-bbb9-dce92edc4e67} - mscoree.dll (file missing)
O9 - Extra button: Flash Movie Extractor Scout - {3A68BB9F-E215-488F-B661-B9E965B76D50} - C:\My Downloads\Flash extractor\Flash Movie Extractor Scout\flashextract.exe
O9 - Extra button: Notes Pilot - {5BC69A50-0C33-4106-B44B-0DAC5F8E23E5} - C:\My Downloads\Notes Pilot\notes.exe (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\MYDOWN~1\NETSNI~2\NetSnip.dll
O9 - Extra button: Subscribe in NewsGator - {82B02F23-47B5-4e6c-8A75-8E0527D73989} - C:\My Downloads\Newsgator\NGIEExt.dll
O9 - Extra button: SurfSaver 6 - {91D4580B-DB35-416E-BA9E-994BBADC7177} - C:\My Downloads\Surfsaver\SurfSaverBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Research Scout - {A44D54CC-90DA-45E7-A8D2-34404253531A} - C:\MYDOWN~1\INTERN~1\INTERN~1\nnotes.dll
O9 - Extra button: Entradas Cine - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mrc-cine-entradas3\local.htm (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Picasa\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Picasa\Hello\PicasaCapture.dll
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\my downloads\lotus\organize\bandobjs.dll
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\My Downloads\PDF Typewriter\PDFtypewriterie.exe (file missing)
O9 - Extra button: Locate - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\My Downloads\Visualwhois\srstools.dll
O9 - Extra 'Tools' menuitem: Locate Using Visual WhoIs 2004 - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\My Downloads\Visualwhois\srstools.dll
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\My Downloads\Newzcrawler\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\My Downloads\Newzcrawler\NewzCrawler\News.exe
O9 - Extra button: [LWA] Add - {DA356B42-149C-47A4-91D1-8A734A70C33B} - C:\My Downloads\Local WebSite\Local Website Archive\wsarc_add.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FC4F8941-BB5B-45c1-857C-E5B32157D00B} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra 'Tools' menuitem: Web Eyes &Page Control - {FC4F8941-BB5B-45c1-857C-E5B32157D00B} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra button: (no name) - {FD67E839-BCC2-4487-88DF-FB54C083CB14} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra 'Tools' menuitem: Web &Eyes Reader - {FD67E839-BCC2-4487-88DF-FB54C083CB14} - C:\MYDOWN~1\WEBEYE~1\WEBEYE~1.DLL
O9 - Extra button: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\My Downloads\LinkStash\LinkStash\lsshow.exe (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\My Downloads\LinkStash\LinkStash\lsshow.exe (HKCU)
O9 - Extra button: Grab URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\My Downloads\LinkStash\LinkStash\lsgrab.exe (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash GrabURLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\My Downloads\LinkStash\LinkStash\lsgrab.exe (HKCU)
O9 - Extra button: Save with Mybase/WebCollect - {B32D4F40-124C-4be4-9EED-456712C053B5} - C:\My Downloads\My Base\WebCollect\websave.htm (HKCU)
O9 - Extra 'Tools' menuitem: Save with Mybase/WebCollect - {B32D4F40-124C-4be4-9EED-456712C053B5} - C:\My Downloads\My Base\WebCollect\websave.htm (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Proyec - http://www.expansiondirecto.com/pdf/RMDActiveX.cab
O16 - DPF: RMDActiveX - http://www.expansiondirecto.com/pdf/RMDActiveX.cab
O16 - DPF: WebControlDeploy - https://grouper.com/v1/Resolver.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven.net/client/mavenInstaller.cab
O16 - DPF: {2517F764-6F60-4ADD-8FCF-137E5B220FF6} - http://advnt01.com/dialer/emsat_ver4.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/122b2c8290165e819621/netzip/RdxIE601.cab
O16 - DPF: {5AA1A8E3-FD88-488A-95EB-944D938136AF} (VerMDDE.clsVerMDDE) - https://sce.ctt.pt/VerMDDE.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.newsstand.com/downloads/reader/live/Disk1/isetupml.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\My Downloads\Surfsaver\AS6_AIPP.dll
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - C:\MYDOWN~1\COPERN~2\COPERN~2.DLL
O18 - Protocol: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - C:\MYDOWN~1\COPERN~1\COPERN~2.DLL
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Boingo Monitor Service - Boingo Wireless, Inc. - C:\Program Files\Boingo\WENGINE\wmonitor.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: GoToMyPC - Citrix Online - C:\My Downloads\Citrix\GoToMyPC\g2svc.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\Norton\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown - C:\My Downloads\Compupic\ScsiAccess.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\Norton\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service - Unknown - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\My Downloads\Tune Up\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe