Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cid Problem


  • This topic is locked This topic is locked
3 replies to this topic

#1 londoncoins

londoncoins

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:24 AM

Posted 17 March 2008 - 09:18 AM

CiD keeps opening new windows on my computer (XP pro). I have run all the scans recommended and have run hijack this. Here is a copy of the log, any help you can give would be much appreciated, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:43, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\acer\recovery\RCService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Desktop Manager\admServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\PCPal\PCPalSrvHost.exe
C:\Program Files\Acer\Desktop Manager\admtray.exe
C:\ACER\PSM.EXE
C:\Acer\Recovery\RCMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE
C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\PCPal\PalAgnt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\AlarmS4.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Program Files\Acer\Desktop Manager\admtray.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [RCMonitor] C:\Acer\Recovery\RCMonitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OLP-Tray] C:\PROGRA~1\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE
O4 - HKLM\..\Run: [PDUiP6210DMon] C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\link manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6525] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3011] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4553] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2902] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9195] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7861] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA464] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7707] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1411] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC583] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3027] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC200] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1254] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8597] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3239] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1801] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8687] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9951] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4799] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2550] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8638] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6749] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9535] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7221] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA394] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC27] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1772] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7823] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5133] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1570] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PCPal] "C:\Program Files\PCPal\PalAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [idollive] C:\DOCUME~1\Gill\APPLIC~1\BOREBO~1\extra this default.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5711] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1431] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB908] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3523] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB119] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2303] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB533] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5005] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7220] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2527] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8069] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD111] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8556] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD405] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3006] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2893] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9116] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5391] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6254] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3055] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1507] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4421] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4055] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9923] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5953] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9668] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9560] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8308] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5949] command /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5429] cmd /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sky Alerts.lnk = C:\Program Files\Sky Alerts\skinker.exe
O4 - Global Startup: AlarmS4.lnk = C:\WINDOWS\system32\AlarmS4.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138807823343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Hardware Monitoring Program (ADMService) - OSA Technologies Inc - C:\Program Files\Acer\Desktop Manager\admServ.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCPalSrvHost - Unknown owner - C:\Program Files\PCPal\PCPalSrvHost.exe
O23 - Service: Recovery Confirm Service (RECOVERYCONFIRMSRV) - TODO: <Company name> - c:\acer\recovery\RCService.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 38448 bytes

BC AdBot (Login to Remove)

 


#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:24 PM

Posted 01 April 2008 - 01:27 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log and an Uninstall List (instructions forthcoming)

Step # 1: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

MalWare Removal University Master

Member of ASAP
unite_Invision.png


#3 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:24 PM

Posted 04 April 2008 - 02:00 PM

londoncoins? Do you still need help?

MalWare Removal University Master

Member of ASAP
unite_Invision.png


#4 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:24 PM

Posted 06 April 2008 - 03:17 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

MalWare Removal University Master

Member of ASAP
unite_Invision.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users