Got this nasty virus. morze5.exe
I saw some other post here that mentioned it, and I hope you can help. I have downloaded HijackThis and will post the scan log. Hopefully you can help me be rid of this demon!
Logfile of HijackThis v1.97.7
Scan saved at 10:26:49 PM, on 4/8/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\LYCOS\IEAGENT\LOADER.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\WINDOWS\SYSTEM\PPRPRXYH.EXE
C:\WINDOWS\YYJFQ4LC.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SYSAI\SYSAI.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {9CD4ABB8-0F2C-4D21-B395-DEFC1DD77932} - C:\WINDOWS\HDBVYQ.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ZZZ_HPI_Boot] C:\Program Files\HP PhotoSmart\Photo Finishing Software\HPI_Boot.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\SYSTEM\CRAZYTALK.DLL,DllServeMediaFile
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [pprprxyh] C:\WINDOWS\SYSTEM\pprprxyh.exe
O4 - HKLM\..\Run: [YYJFQ4LC.EXE] C:\WINDOWS\YYJFQ4LC.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [YYJFQ4LC.EXE] C:\WINDOWS\YYJFQ4LC.EXE /dk
O4 - Startup: LV4NCYV8.lnk = C:\WINDOWS\lv4ncyv8.exe
O4 - Startup: EM4ACO20.lnk = C:\WINDOWS\em4aco20.exe
O4 - Startup: OA26KY66.lnk = C:\WINDOWS\oa26ky66.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: U7LPO0K5.lnk = C:\WINDOWS\u7lpo0k5.exe
O4 - Startup: P16OHMOT.lnk = C:\WINDOWS\p16ohmot.exe
O4 - Startup: Q2XA2KUA.lnk = C:\WINDOWS\q2xa2kua.exe
O4 - Startup: 3QMFG4BX.lnk = C:\WINDOWS\3qmfg4bx.exe
O4 - Startup: 9VXDQNR2.lnk = C:\WINDOWS\9vxdqnr2.exe
O4 - Startup: X21GPM3E.lnk = C:\WINDOWS\x21gpm3e.exe
O4 - Startup: KHLZ6YIR.lnk = C:\WINDOWS\khlz6yir.exe
O4 - Startup: VRPL71U0.lnk = C:\WINDOWS\vrpl71u0.exe
O4 - Startup: DP0M5BHH.lnk = C:\WINDOWS\dp0m5bhh.exe
O4 - Startup: 5HBPDD4M.lnk = C:\WINDOWS\5hbpdd4m.exe
O4 - Startup: WO8QZ0VM.lnk = C:\WINDOWS\wo8qz0vm.exe
O4 - Startup: 8B3CB05X.lnk = C:\WINDOWS\8b3cb05x.exe
O4 - Startup: 41NC7FJW.lnk = C:\WINDOWS\41nc7fjw.exe
O4 - Startup: 31W84AQ4.lnk = C:\WINDOWS\31w84aq4.exe
O4 - Startup: 0ETCZ7QH.lnk = C:\WINDOWS\0etcz7qh.exe
O4 - Startup: YEHQ6P2C.lnk = C:\WINDOWS\yehq6p2c.exe
O4 - Startup: ZQL9AFX8.lnk = C:\WINDOWS\zql9afx8.exe
O4 - Startup: 2IB6PJVN.lnk = C:\WINDOWS\2ib6pjvn.exe
O4 - Startup: 5BYXXE50.lnk = C:\WINDOWS\5byxxe50.exe
O4 - Startup: B1JBTPA0.lnk = C:\WINDOWS\b1jbtpa0.exe
O4 - Startup: B70GR1IG.lnk = C:\WINDOWS\b70gr1ig.exe
O4 - Startup: 0PE7EG4P.lnk = C:\WINDOWS\0pe7eg4p.exe
O4 - Startup: YYJFQ4LC.lnk = C:\WINDOWS\yyjfq4lc.exe
O4 - Global Startup: WO8QZ0VM.lnk = C:\WINDOWS\wo8qz0vm.exe
O4 - Global Startup: 12WYQ06O.lnk = C:\WINDOWS\wo8qz0vm.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: XRNE55PN.lnk = C:\WINDOWS\xrne55pn.exe
O4 - Global Startup: MGPF3XB3.lnk = C:\WINDOWS\mgpf3xb3.exe
O4 - Global Startup: 4RBNBG9H.lnk = C:\WINDOWS\4rbnbg9h.exe
O4 - Global Startup: 2IB6PJVN.lnk = C:\WINDOWS\2ib6pjvn.exe
O4 - Global Startup: 41NC7FJW.lnk = C:\WINDOWS\41nc7fjw.exe
O4 - Global Startup: 050078VT.lnk = C:\WINDOWS\050078vt.exe
O4 - Global Startup: B70GR1IG.lnk = C:\WINDOWS\b70gr1ig.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 50G6XH1P.lnk = C:\WINDOWS\50g6xh1p.exe
O4 - Global Startup: LV4NCYV8.lnk = C:\WINDOWS\lv4ncyv8.exe
O4 - Global Startup: EM4ACO20.lnk = C:\WINDOWS\em4aco20.exe
O4 - Global Startup: OA26KY66.lnk = C:\WINDOWS\oa26ky66.exe
O4 - Global Startup: U7LPO0K5.lnk = C:\WINDOWS\u7lpo0k5.exe
O4 - Global Startup: P16OHMOT.lnk = C:\WINDOWS\p16ohmot.exe
O4 - Global Startup: Q2XA2KUA.lnk = C:\WINDOWS\q2xa2kua.exe
O4 - Global Startup: 3QMFG4BX.lnk = C:\WINDOWS\3qmfg4bx.exe
O4 - Global Startup: 9VXDQNR2.lnk = C:\WINDOWS\9vxdqnr2.exe
O4 - Global Startup: X21GPM3E.lnk = C:\WINDOWS\x21gpm3e.exe
O4 - Global Startup: KHLZ6YIR.lnk = C:\WINDOWS\khlz6yir.exe
O4 - Global Startup: DP0M5BHH.lnk = C:\WINDOWS\dp0m5bhh.exe
O4 - Global Startup: 5HBPDD4M.lnk = C:\WINDOWS\5hbpdd4m.exe
O4 - Global Startup: VRPL71U0.lnk = C:\WINDOWS\vrpl71u0.exe
O4 - Global Startup: 8B3CB05X.lnk = C:\WINDOWS\8b3cb05x.exe
O4 - Global Startup: 31W84AQ4.lnk = C:\WINDOWS\31w84aq4.exe
O4 - Global Startup: 0ETCZ7QH.lnk = C:\WINDOWS\0etcz7qh.exe
O4 - Global Startup: YEHQ6P2C.lnk = C:\WINDOWS\yehq6p2c.exe
O4 - Global Startup: ZQL9AFX8.lnk = C:\WINDOWS\zql9afx8.exe
O4 - Global Startup: 5BYXXE50.lnk = C:\WINDOWS\5byxxe50.exe
O4 - Global Startup: B1JBTPA0.lnk = C:\WINDOWS\b1jbtpa0.exe
O4 - Global Startup: 0PE7EG4P.lnk = C:\WINDOWS\0pe7eg4p.exe
O4 - Global Startup: YYJFQ4LC.lnk = C:\WINDOWS\yyjfq4lc.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.9837152778
O16 - DPF: Yahoo! NBA StatTracker - http://aud4.sports.yahoo.com/java/y/nbast8268_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/...14167/thin.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
Welcome to Windrivers fastwaves.
Before just posting a log of HijackThis, go through this set of suggestions first. Having completed that, repost your (hopefully) much reduced log.
Thanks for your help... here is my much reduced log.
Quote:
Originally Posted by NooNoo
Logfile of HijackThis v1.97.7
Scan saved at 11:19:23 PM, on 4/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\NAPHR.EXE
C:\WINDOWS\T8AIDTVO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {9CD4ABB8-0F2C-4D21-B395-DEFC1DD77932} - C:\WINDOWS\HDBVYQ.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ZZZ_HPI_Boot] C:\Program Files\HP PhotoSmart\Photo Finishing Software\HPI_Boot.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\SYSTEM\CRAZYTALK.DLL,DllServeMediaFile
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [dyn] C:\WINDOWS\dyn.exe
O4 - HKLM\..\Run: [NAPHR] C:\WINDOWS\SYSTEM\NAPHR.exe
O4 - HKLM\..\Run: [T8AIDTVO.EXE] C:\WINDOWS\T8AIDTVO.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [T8AIDTVO.EXE] C:\WINDOWS\T8AIDTVO.EXE /dk
O4 - Startup: QL4GNUU6.lnk = C:\WINDOWS\ql4gnuu6.exe
O4 - Startup: RA9Q7MWB.lnk = C:\WINDOWS\ra9q7mwb.exe
O4 - Startup: T8AIDTVO.lnk = C:\WINDOWS\t8aidtvo.exe
O4 - Global Startup: QL4GNUU6.lnk = C:\WINDOWS\ql4gnuu6.exe
O4 - Global Startup: RA9Q7MWB.lnk = C:\WINDOWS\ra9q7mwb.exe
O4 - Global Startup: T8AIDTVO.lnk = C:\WINDOWS\t8aidtvo.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.9837152778
O16 - DPF: Yahoo! NBA StatTracker - http://aud4.sports.yahoo.com/java/y/nbast8268_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud2.sports.sc5.yahoo.com/java/y/mlbst8402_x.cab