Post Your Hijackthis Log

Discussion in 'Virus and Malware Removal' started by acidosmosis, Nov 13, 2004.

  1. Jkasj Newcomer, in training

    .....

    **laughs at himself** Damn, no wonder I couldn't get it. I kept seeing the applications list on the log, and .......well I don't know what the hell I'm doing. :p

    Did everything on the list. Here's the log. Really appreciate your help, cause there is no way in hell I would have figured any of this out.

    Nice choice of beer.
  2. RealBlackStuff Newcomer, in training Posts: 8,165

    Jkasj

    My very first post to you said:

    Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.

    This is what I get from you: Logfile of HijackThis v1.98.2
  3. Jkasj Newcomer, in training

    Damn. Wrong version. Is this right? If not I'll work on it once I get off work tonight. Sorry for all this hassle.
  4. RealBlackStuff Newcomer, in training Posts: 8,165

    Jkasj

    Boot in Safe Mode.
    Switch System Restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    PowerReg Scheduler V3.exe
    ATR1.EXE

    Next, try to UNinstall only, NOT delete yet, anything to do with:
    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
    C:\Program Files\PartyPoker\IEExtension.dll

    Next, run HJT on its own and let it 'fix' if there:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Sid Registration.lnk = D:\ATR1.EXE
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Boot normal. When all OK, switch System Restore back on.
  5. Jkasj Newcomer, in training

    Alright got everything except for the Atr1.exe...but I never found it as a running process while in safe mode.

    Here is the new log.

    Attached Files:

    • HJT.txt (4.5 KB)
  6. RealBlackStuff Newcomer, in training Posts: 8,165

    Jkasj

    Your log is clean. D:\Atr1.exe was maybe part of one of the deleted baddies, or got there at one time while a CD was running. Not to worry as long as it is gone.
     
  7. Jkasj Newcomer, in training

    Thank you so much for your help and patience.
  8. tomk Newcomer, in training

    Please check my HIJACKTHIS log

    Please check the log attached and let me know what has to be removed.

    Thx
    Tom
  9. RealBlackStuff Newcomer, in training Posts: 8,165

    tomk

    Move HJT to its OWN directory, NOT on the Desktop!

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    RAADfgBN.exe

    Next, try to UNinstall (not yet delete) anything to do with:
    C:\Program Files\CommonName\Toolbar\
    C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    C:\WINDOWS\system32\IEDriver

    Next, run HJT on its own and let it 'fix':
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\sb.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll (file missing)
    O2 - BHO: sPeerObj Class - {00000026-8735-428D-B81F-DD098223B25F} - C:\WINDOWS\speer.dll
    O4 - HKLM\..\Run: [Zw0GX9Uw] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [dEVHX5Ux] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [dUFHZo1w] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [YgFGV9Ew] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [eQpGYAox] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [fwpGTwov] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [cQFHWAEx] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [cMpGWsEw] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [ekVJWAEw] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [cYVJU91v] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - HKLM\..\Run: [YMVGYo1w] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
    O9 - Extra button: (no name) - {7469C79A-B689-464D-A43F-C7F07F226AEE} - C:\WINDOWS\system32\IEDriver\td.exe (file missing)
    O9 - Extra 'Tools' menuitem: TurboDownload - {7469C79A-B689-464D-A43F-C7F07F226AEE} - C:\WINDOWS\system32\IEDriver\td.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O11 - Options group: [CommonName] CommonName
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Boot normal. When all OK, switch System Restore back on.
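
Added example, not part of the thread and not HijackThis's own logic: a small triage script for the entry lines quoted in the fix list above. The three heuristics (targets reported as "(file missing)", IE search settings pointing at file:// or res:// URLs, and one executable registered under several Run value names) are assumptions drawn from what the fix lists on this page contain, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample entry lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\sb.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll (file missing)
O2 - BHO: sPeerObj Class - {00000026-8735-428D-B81F-DD098223B25F} - C:\WINDOWS\speer.dll
O4 - HKLM\..\Run: [Zw0GX9Uw] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
O4 - HKLM\..\Run: [dEVHX5Ux] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
O4 - HKLM\..\Run: [dUFHZo1w] C:\PROGRA~1\vupqvwvv\RAADfgBN.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {7469C79A-B689-464D-A43F-C7F07F226AEE} - C:\WINDOWS\system32\IEDriver\td.exe (file missing)
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
"""

# "<section> - <body>", where section is R0..R3, O1..O23, etc.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run\w*): \[([^\]]+)\] (.+)$")
# Browser setting whose value is a local file or an embedded DLL resource
LOCAL_URL_RE = re.compile(r"= (?:file|res)://", re.IGNORECASE)


def parse_entries(text):
    """Return a (section, body) tuple for every entry line in a log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries, min_names=3):
    """Return (kind, section, detail) findings worth a human look."""
    findings = []
    run_targets = defaultdict(set)  # command line -> set of Run value names
    for section, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("file-missing", section, body))
        if section in ("R0", "R1") and LOCAL_URL_RE.search(body):
            findings.append(("local-search-page", section, body))
        m = RUN_RE.match(body) if section == "O4" else None
        if m:
            # Keyed on the whole command line, lower-cased; quotes stripped.
            run_targets[m.group(3).strip('"').lower()].add(m.group(2))
    for target, names in sorted(run_targets.items()):
        if len(names) >= min_names:
            findings.append(
                ("many-run-names", "O4", f"{target} ({len(names)} value names)"))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"{kind:18} {section:4} {detail}")
```

A finding here only marks an entry for review; several "(file missing)" and res:// entries in the other logs on this page belong to legitimate software.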
  10. johnnybev Newcomer, in training

    help, caught something

    OS: Windows XP Professional
    browser: Firefox 1.0, IE

    Some kind of horrible respawning 'about:blank' and RUNDLL trojan. Norton 2005 removes virus se.dll StartPage trojan about 3 times a day.

    Ran Microsoft Beta AntiSpy in safe mode and destroyed 2 infected files, then ran Adaware SE and removed further 13. What's that about? Anyway... ran HiJack this and here is my log. Please help. PC is grinding...to...a halt.

    Logfile of HijackThis v1.97.7
    Scan saved at 21:02:06, on 15/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WS_FTP Pro\ftpsched.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svc8021x.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\WS_FTP Pro\ftpqueue.exe
    C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Panasonic\TouchPad\Touchpad.exe
    C:\WINDOWS\system32\mgr8021x.exe
    C:\Bits and Bobs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://vv1.s13.tempx.cc/open_console_out.php?n=21&pin=1
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {90C47D68-5C4E-4715-8905-2FF66635D707} - C:\WINDOWS\system32\eejbgaa.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Panasonic HotKey Manager] C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe /FirstLogin
    O4 - HKLM\..\Run: [ftpqueue] "C:\Program Files\WS_FTP Pro\ftpqueue.exe" -tray
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
    O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
    O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Touch Pad utility.lnk = ?
    O4 - Global Startup: WLAN Security Client Manager.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {AD0E37CE-0A0E-4183-83E9-902CC84A4185} (RootInstaller Class) - https://www.partners.extranet.microsoft.com/Content/launch/rootinst.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://m62.webex.com/client/latest/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = M62Domain.local
    O17 - HKLM\Software\..\Telephony: DomainName = M62Domain.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{609DACF5-D9A6-4B93-B9FF-38FE25A0DD6A}: NameServer = 158.152.1.43,158.152.1.58
  11. RealBlackStuff Newcomer, in training Posts: 8,165

  12. thmandan22 Newcomer, in training Posts: 73

    Cleaning up my sister's college-networked laptop

    Here is the hijackthis log from my sister's laptop in safe mode after running normal anti-spyware stuff. Is there any more that I can remove, several things I did not know if it was safe. Thank you
  13. RealBlackStuff Newcomer, in training Posts: 8,165

  14. thmandan22 Newcomer, in training Posts: 73

    Followed instructions, Thank you

    Followed those instructions on your link, Thanks.
    Is there anything more to do? I did clean it up quite a bit, but I have a feeling I may have missed something on the hijackthis file.

    Thanks again.
  15. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Your version of Hijackthis is out of date. Download the latest version from http://www.tomcoyote.org/hjt/

    Then post a new HJT log.

    Regards Howard :grinthumb
  16. thmandan22 Newcomer, in training Posts: 73

    Thanks, I must have run the old one after I downloaded the newest. Still a few I am unsure about. Here it is and thanks again.

  17. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    The only entry I can see that stands out is,

    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

    I have done a Google search for this with mixed results, so I'm not really sure whether it should be there or not.

    Perhaps RBS would be the best person to clarify this for you.

    Other than that your log looks pretty clean.

    Regards Howard :grinthumb
  18. RealBlackStuff Newcomer, in training Posts: 8,165

    thmandan22

    Run HJT in Safe Mode and let it fix:
    O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINNT\System32\req.dat
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: req - C:\WINNT\System32\req.dat

    Then delete the bold files.
  19. thmandan22 Newcomer, in training Posts: 73

    Thanks for all your help, I could not find the req.dat file, only a req.exe. Any suggestions?
  20. cbadge Newcomer, in training

    My HijackThis log.....any suggestions?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:48:49 PM, on 3/20/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.4\SDHelper.dll
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4609457-2F97-4BF7-B7A1-456F33FBB3A4}: NameServer = 142.161.130.155 142.161.2.155
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe