Lumpy

Posts posted by Lumpy

  1. Logfile of HijackThis v1.99.1

    Scan saved at 9:07:18 PM, on 5/14/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\Iconoid\iconoid.exe

    C:\Program Files\Synergy\synergys.exe

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\My Documents\Downloads\internet\removal toolsw\HijackThis.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

  2. Logfile of HijackThis v1.99.1

    Scan saved at 20:39:35, on 5/14/2006

    Platform: Windows ME (Win9x 4.90.3000)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

    C:\WINDOWS\SYSTEM\MDM.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\WINDOWS\SYSTEM\RPCSS.EXE

    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

    C:\WINDOWS\SYSTEM\SSDPSRV.EXE

    C:\PROGRAM FILES\SYNERGY\SYNERGYC.EXE

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\SYSTEM\INTERNAT.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

    C:\PROGRAM FILES\CREATIVE\INFRA\CTINFRA.EXE

    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

    C:\WINDOWS\SYSTEM\WMIEXE.EXE

    C:\WINDOWS\LOGI_MWX.EXE

    C:\WINDOWS\LOADQM.EXE

    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

    C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PLUS\BIN\INSTANTACCESS.EXE

    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE

    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

    C:\WINDOWS\RUNDLL32.EXE

    C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE

    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

    C:\PROGRAM FILES\MIRC\MIRC.EXE

    D:\SWAPSPACE\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

    O4 - HKLM\..\Run: [systemTray] SysTray.Exe

    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

    O4 - HKLM\..\Run: [infra Manager] C:\Program Files\Creative\Infra\CtInfra.exe

    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [LoadQM] loadqm.exe

    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

    O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1\BIN\INSTAN~1.EXE /h

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

    O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe

    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

    O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

    O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

    O4 - HKLM\..\RunServices: [synergy Client] "C:\PROGRAM FILES\SYNERGY\synergyc.exe" --debug WARNING --name noisemaker lumpc:24800

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

    O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\VSTUDIO6.CAB

    O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\WFCFORMS.CAB

  3. Logfile of HijackThis v1.99.1

    Scan saved at 7:15:09 PM, on 5/14/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\Iconoid\iconoid.exe

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\mobile PhoneTools\mPhonetools.exe

    C:\Program Files\Flock\flock\flock.exe

    C:\Program Files\Synergy\synergys.exe

    C:\WINDOWS\SYSTEM32\notepad.exe

    J:\Programs\KeePass Password Safe\KeePass.exe

    C:\My Documents\Downloads\HijackThis.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

  4. Logfile of HijackThis v1.99.1

    Scan saved at 7:15:09 PM, on 5/14/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\Iconoid\iconoid.exe

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\mobile PhoneTools\mPhonetools.exe

    C:\Program Files\Flock\flock\flock.exe

    C:\Program Files\Synergy\synergys.exe

    C:\WINDOWS\SYSTEM32\notepad.exe

    J:\Programs\KeePass Password Safe\KeePass.exe

    C:\My Documents\Downloads\HijackThis.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

  5. hopefully the third time is a charm

    Logfile of HijackThis v1.99.1

    Scan saved at 8:21:19 PM, on 1/15/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\userinit.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\ahead\InCD\InCD.exe

    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\My Documents\Downloads\HijackThis.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: Win32 Classes -

    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  6. ACTIVE SCAN RESULTS

    Incident Status Location

    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.statcounter.com/]

    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.overture.com/]

    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.toplist.cz/]

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.atdmt.com/]

    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.valueclick.com/]

    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.hitbox.com/]

    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.questionmarket.com/]

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.doubleclick.net/]

    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[stat.onestat.com/]

    Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.sexlist.com/]

    Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.paycounter.com/]

    Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.sexlist.com/]

    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.cs.sexcounter.com/]

    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.ccbill.com/]

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.com.com/]

    Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.2o7.net/]

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.com.com/]

    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.mediaplex.com/]

    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.tribalfusion.com/]

    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.fastclick.net/]

    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.adtech.de/]

    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.casalemedia.com/]

    Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.microsofteup.112.2o7.net/]

    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.perf.overture.com/]

    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.bluestreak.com/]

    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.clickbank.net/]

    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.apmebf.com/]

    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.phg.hitbox.com/]

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.ads.pointroll.com/]

    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.advertising.com/]

    Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.hypercount.com/]

    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.centrport.net/]

    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[statse.webtrendslive.com/]

    Virus:W32/Gaobot.FED.worm Disinfected C:\WINDOWS\SYSTEM32\TFTP644

    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[]

    ******************************************

    Logfile of HijackThis v1.99.1

    Scan saved at 7:30:51 PM, on 1/15/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\ahead\InCD\InCD.exe

    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\mobile PhoneTools\mPhonetools.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\mIRC\mirc.exe

    C:\My Documents\Downloads\HijackThis.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: Win32 Classes -

    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  7. Logfile of HijackThis v1.99.1

    Scan saved at 3:08:07 PM, on 1/15/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\ahead\InCD\InCD.exe

    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

    C:\Program Files\mobile PhoneTools\mPhonetools.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\xint\xint.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\mIRC\mirc.exe

    C:\My Documents\Downloads\HijackThis.exe

    C:\My Documents\Downloads\HijackThis.exe

    C:\My Documents\Downloads\HijackThis.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe

    O4 - HKLM\..\Run: [spools Service Controller] C:\WINDOWS\System32\spools.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL

    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: Win32 Classes -

    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...r/ICSScanner37500.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe