Hi, I wish I would have found your site yesterday! My ISP wants to cut me off if I don't get rid of this trojan. I downloaded HijackThis and here is the log it generated. Any help would be greatly appreciated, please and thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:39 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurie\Desktop\hijackgpthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [ccube_Cleanup] "C:\DOCUME~1\Laurie\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKLM\..\RunOnce: [ccube_Uninstall_Lock] "C:\DOCUME~1\Laurie\LOCALS~1\Temp\cazz_001.exe" /null
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: moon.lnk = C:\Program Files\moon\moon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126207557343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.130,85.255.112.184
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.130,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.130,85.255.112.184
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus(R) Helper (getplus(r) helper) - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10884 bytes