Help!..morze5.exe

Printable View

April 9th, 2004, 12:37 AM
fastwaves

Help!..morze5.exe

Got this nasty virus. morze5.exe
I saw some other post here that mentioned and I hope you can help. I have downloaded Hijack this and will post the scan log. Hopefully you can help be rid of this demon!
April 9th, 2004, 12:38 AM
fastwaves

this is the scan log

Logfile of HijackThis v1.97.7
Scan saved at 10:26:49 PM, on 4/8/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\LYCOS\IEAGENT\LOADER.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\WINDOWS\SYSTEM\PPRPRXYH.EXE
C:\WINDOWS\YYJFQ4LC.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SYSAI\SYSAI.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\WINDOWS\DESKTOP\CS4P028.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
April 9th, 2004, 12:39 AM
fastwaves

more

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {9CD4ABB8-0F2C-4D21-B395-DEFC1DD77932} - C:\WINDOWS\HDBVYQ.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ZZZ_HPI_Boot] C:\Program Files\HP PhotoSmart\Photo Finishing Software\HPI_Boot.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\SYSTEM\CRAZYTALK.DLL,DllServeMediaFile
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [pprprxyh] C:\WINDOWS\SYSTEM\pprprxyh.exe
O4 - HKLM\..\Run: [YYJFQ4LC.EXE] C:\WINDOWS\YYJFQ4LC.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRAM FILES\INTERNET WASHER PRO\IW.exe min
O4 - HKCU\..\Run: [YYJFQ4LC.EXE] C:\WINDOWS\YYJFQ4LC.EXE /dk
O4 - Startup: LV4NCYV8.lnk = C:\WINDOWS\lv4ncyv8.exe
O4 - Startup: EM4ACO20.lnk = C:\WINDOWS\em4aco20.exe
O4 - Startup: OA26KY66.lnk = C:\WINDOWS\oa26ky66.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: U7LPO0K5.lnk = C:\WINDOWS\u7lpo0k5.exe
O4 - Startup: P16OHMOT.lnk = C:\WINDOWS\p16ohmot.exe
O4 - Startup: Q2XA2KUA.lnk = C:\WINDOWS\q2xa2kua.exe
O4 - Startup: 3QMFG4BX.lnk = C:\WINDOWS\3qmfg4bx.exe
O4 - Startup: 9VXDQNR2.lnk = C:\WINDOWS\9vxdqnr2.exe
O4 - Startup: X21GPM3E.lnk = C:\WINDOWS\x21gpm3e.exe
O4 - Startup: KHLZ6YIR.lnk = C:\WINDOWS\khlz6yir.exe
O4 - Startup: VRPL71U0.lnk = C:\WINDOWS\vrpl71u0.exe
O4 - Startup: DP0M5BHH.lnk = C:\WINDOWS\dp0m5bhh.exe
O4 - Startup: 5HBPDD4M.lnk = C:\WINDOWS\5hbpdd4m.exe
O4 - Startup: WO8QZ0VM.lnk = C:\WINDOWS\wo8qz0vm.exe
O4 - Startup: 8B3CB05X.lnk = C:\WINDOWS\8b3cb05x.exe
O4 - Startup: 41NC7FJW.lnk = C:\WINDOWS\41nc7fjw.exe
O4 - Startup: 31W84AQ4.lnk = C:\WINDOWS\31w84aq4.exe
O4 - Startup: 0ETCZ7QH.lnk = C:\WINDOWS\0etcz7qh.exe
O4 - Startup: YEHQ6P2C.lnk = C:\WINDOWS\yehq6p2c.exe
O4 - Startup: ZQL9AFX8.lnk = C:\WINDOWS\zql9afx8.exe
O4 - Startup: 2IB6PJVN.lnk = C:\WINDOWS\2ib6pjvn.exe
O4 - Startup: 5BYXXE50.lnk = C:\WINDOWS\5byxxe50.exe
O4 - Startup: B1JBTPA0.lnk = C:\WINDOWS\b1jbtpa0.exe
O4 - Startup: B70GR1IG.lnk = C:\WINDOWS\b70gr1ig.exe
O4 - Startup: 0PE7EG4P.lnk = C:\WINDOWS\0pe7eg4p.exe
O4 - Startup: YYJFQ4LC.lnk = C:\WINDOWS\yyjfq4lc.exe
O4 - Global Startup: WO8QZ0VM.lnk = C:\WINDOWS\wo8qz0vm.exe
O4 - Global Startup: 12WYQ06O.lnk = C:\WINDOWS\wo8qz0vm.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: XRNE55PN.lnk = C:\WINDOWS\xrne55pn.exe
O4 - Global Startup: MGPF3XB3.lnk = C:\WINDOWS\mgpf3xb3.exe
O4 - Global Startup: 4RBNBG9H.lnk = C:\WINDOWS\4rbnbg9h.exe
O4 - Global Startup: 2IB6PJVN.lnk = C:\WINDOWS\2ib6pjvn.exe
O4 - Global Startup: 41NC7FJW.lnk = C:\WINDOWS\41nc7fjw.exe
O4 - Global Startup: 050078VT.lnk = C:\WINDOWS\050078vt.exe
O4 - Global Startup: B70GR1IG.lnk = C:\WINDOWS\b70gr1ig.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: 50G6XH1P.lnk = C:\WINDOWS\50g6xh1p.exe
O4 - Global Startup: LV4NCYV8.lnk = C:\WINDOWS\lv4ncyv8.exe
O4 - Global Startup: EM4ACO20.lnk = C:\WINDOWS\em4aco20.exe
O4 - Global Startup: OA26KY66.lnk = C:\WINDOWS\oa26ky66.exe
O4 - Global Startup: U7LPO0K5.lnk = C:\WINDOWS\u7lpo0k5.exe
O4 - Global Startup: P16OHMOT.lnk = C:\WINDOWS\p16ohmot.exe
O4 - Global Startup: Q2XA2KUA.lnk = C:\WINDOWS\q2xa2kua.exe
O4 - Global Startup: 3QMFG4BX.lnk = C:\WINDOWS\3qmfg4bx.exe
O4 - Global Startup: 9VXDQNR2.lnk = C:\WINDOWS\9vxdqnr2.exe
O4 - Global Startup: X21GPM3E.lnk = C:\WINDOWS\x21gpm3e.exe
O4 - Global Startup: KHLZ6YIR.lnk = C:\WINDOWS\khlz6yir.exe
O4 - Global Startup: DP0M5BHH.lnk = C:\WINDOWS\dp0m5bhh.exe
O4 - Global Startup: 5HBPDD4M.lnk = C:\WINDOWS\5hbpdd4m.exe
O4 - Global Startup: VRPL71U0.lnk = C:\WINDOWS\vrpl71u0.exe
O4 - Global Startup: 8B3CB05X.lnk = C:\WINDOWS\8b3cb05x.exe
O4 - Global Startup: 31W84AQ4.lnk = C:\WINDOWS\31w84aq4.exe
O4 - Global Startup: 0ETCZ7QH.lnk = C:\WINDOWS\0etcz7qh.exe
O4 - Global Startup: YEHQ6P2C.lnk = C:\WINDOWS\yehq6p2c.exe
O4 - Global Startup: ZQL9AFX8.lnk = C:\WINDOWS\zql9afx8.exe
O4 - Global Startup: 5BYXXE50.lnk = C:\WINDOWS\5byxxe50.exe
O4 - Global Startup: B1JBTPA0.lnk = C:\WINDOWS\b1jbtpa0.exe
O4 - Global Startup: 0PE7EG4P.lnk = C:\WINDOWS\0pe7eg4p.exe
O4 - Global Startup: YYJFQ4LC.lnk = C:\WINDOWS\yyjfq4lc.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.9837152778
O16 - DPF: Yahoo! NBA StatTracker - http://aud4.sports.yahoo.com/java/y/nbast8268_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/...14167/thin.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
April 9th, 2004, 05:09 AM
NooNoo

Welcome to Windrivers fastwaves.

Before just posting a log of hijack this, go through this set of suggestions first Having completed that, repost your (hopefully) much reduced log.
April 12th, 2004, 01:21 AM
fastwaves

Quote:

Originally Posted by NooNoo

Welcome to Windrivers fastwaves.

Before just posting a log of hijack this, go through this set of suggestions first Having completed that, repost your (hopefully) much reduced log.

Thanks for your help...here is my much reduced log.

Logfile of HijackThis v1.97.7
Scan saved at 11:19:23 PM, on 4/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\NAPHR.EXE
C:\WINDOWS\T8AIDTVO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Broadband Internet
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - (no file)
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {9CD4ABB8-0F2C-4D21-B395-DEFC1DD77932} - C:\WINDOWS\HDBVYQ.DLL (disabled by BHODemon)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ZZZ_HPI_Boot] C:\Program Files\HP PhotoSmart\Photo Finishing Software\HPI_Boot.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\SYSTEM\CRAZYTALK.DLL,DllServeMediaFile
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [dyn] C:\WINDOWS\dyn.exe
O4 - HKLM\..\Run: [NAPHR] C:\WINDOWS\SYSTEM\NAPHR.exe
O4 - HKLM\..\Run: [T8AIDTVO.EXE] C:\WINDOWS\T8AIDTVO.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [T8AIDTVO.EXE] C:\WINDOWS\T8AIDTVO.EXE /dk
O4 - Startup: QL4GNUU6.lnk = C:\WINDOWS\ql4gnuu6.exe
O4 - Startup: RA9Q7MWB.lnk = C:\WINDOWS\ra9q7mwb.exe
O4 - Startup: T8AIDTVO.lnk = C:\WINDOWS\t8aidtvo.exe
O4 - Global Startup: QL4GNUU6.lnk = C:\WINDOWS\ql4gnuu6.exe
O4 - Global Startup: RA9Q7MWB.lnk = C:\WINDOWS\ra9q7mwb.exe
O4 - Global Startup: T8AIDTVO.lnk = C:\WINDOWS\t8aidtvo.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.9837152778
O16 - DPF: Yahoo! NBA StatTracker - http://aud4.sports.yahoo.com/java/y/nbast8268_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud2.sports.sc5.yahoo.com/java/y/mlbst8402_x.cab