Avast WEBforum

Topic started by: G-4rce on January 30, 2005, 07:07:10 PM

Title: Hijackthis Log (Part 2 of 2)
Post by: G-4rce on January 30, 2005, 07:07:10 PM
Here's the rest of the log...

Thanks again,
G-4rce
Title: Re: Hijackthis Log (Part 2 of 2)
Post by: lee16 on January 30, 2005, 07:13:40 PM
There really was no need to create two threads; this could have all been in 2 posts, 1 thread. Oh well, what's done is done.

OK go to Eddy's website here: http://members.home.nl/edeijl/ache/cleaning.htm

Follow the instructions there, then redo a HijackThis log and post back. You seem to be heavily infected with malware.

--lee
Title: Re: Hijackthis Log (Part 2 of 2)
Post by: DavidR on January 30, 2005, 07:13:54 PM
You should really have kept this with the original post "Hijackthis Log (Part 1 of 2)", not created a separate thread for it as this will only cause confusion and multiple posts.
Title: Re: Hijackthis Log (Part 2 of 2)
Post by: bob3160 on January 30, 2005, 09:08:17 PM
Here is the analysis from Eddy's Program:

ANALYZER INFORMATION
--------------------------------------------------------------------------------
Log created on   : 30-01-2005 13:01:54
Analyzer version : 11
bad.dat  version : 31
good.dat version : 33
rec.dat  version : 24
dasb.dat version :  6
sus.dat  version : 11
fire.dat version :  2

--------------------------------------------------------------------------------
CHECKING HIJACKTHIS, WINDOWS, INTERNET EXPLORER AND FIREWALL :
--------------------------------------------------------------------------------
You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.

--------------------------------------------------------------------------------
GENERAL INFORMATION :
--------------------------------------------------------------------------------
All items in the original HijackThis log file which
are not shown here need further investigation.

Tutorial on the hijackthislog : http://members.home.nl/edeijl/

For email support on this application : hjtbeta@yahoo.com

Use www.google.com to find out more on items
not listed here or if you have doubts.

In addition to this application, you can also analyze the
original HijackThis log online at: http://hijackthis.de

--------------------------------------------------------------------------------
THESE ITEMS ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
--------------------------------------------------------------------------------
\program files\msn apps\updater\01.02.3000.1001\en-us\msnappau.exe
r1 - hklm\software\microsoft\internet explorer\main
r1 - hkcu\software\microsoft\internet explorer\searchurl
r1 - hkcu\software\microsoft\windows\currentversion\internet settings
proxyoverride = localhost
o2 - bho: msntoolbandbho - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o2 - bho: sdwin32 class - {de8056a1-d17f-4186-9979-13961036b2bf} - c:\windows\system\fbpje.dll (file missing)
o3 - toolbar: msn - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o3 - toolbar: (no name) - {2cde1a7d-a478-4291-bf31-e1b4c16f92eb} - (no file)
o4 - hklm\..\run: [systemtray] systray.exe
o4 - hklm\..\run: [satmat] c:\windows\satmat.exe
o9 - extra button: translate - {06fe5d05-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: av &translate - {06fe5d05-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {06fe5d02-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: &find pages linking to this url - {06fe5d02-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {06fe5d03-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: find other pages on this &host - {06fe5d03-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {06fe5d04-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: av live - {06fe5d04-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - (no file)
o16 - dpf: {776706ae-caca-4ea3-93df-bb83d9259da9} (mailconfigure class) - http://supportservices.msn.com/us/smtptool/mailcfg.cab
o16 - dpf: {8d83d301-e841-11d1-b155-00600823bcf9} (webline browser integration classes) - http://216.150.210.141/webline/applets/msie40x.cab
o16 - dpf: {d18f962a-3722-4b59-b08d-28bb9eb2281e} (photosctrl class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} (rdxie class) - http://207.188.7.150/2390b183f26318917e06/netzip/rdxie601.cab
o16 - dpf: {f7a05bac-9778-410a-9cde-bfbd4d5d2b7f} (ipix media send class) - http://216.249.24.60/code/ipix-imagewell-ipix.cab
o16 - dpf: {c3dfa998-a486-11d4-aa25-00c04f72daeb} (msn photo upload tool) - http://sc.groups.msn.com/controls/photouc/msnpupld.cab
o16 - dpf: {1d0d9077-3798-49bb-9058-393499174d5d} - file://c:\counter.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab

--------------------------------------------------------------------------------
HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :
--------------------------------------------------------------------------------
Nothing found.

--------------------------------------------------------------------------------
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :
--------------------------------------------------------------------------------
o4 - hklm\..\run: [loadqm] loadqm.exe
o4 - hklm\..\run: [msnappau] "c:\program files\msn apps\updater\01.02.3000.1001\en-us\msnappau.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
o4 - hkcu\..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
o4 - startup: microsoft office.lnk = c:\program files\microsoft office\office\osa9.exe

--------------------------------------------------------------------------------
I know why this needed 2 posts but can't understand why it needed 2 Threads???
You can get further information and instructions on using Eddy's program by clicking on the HelpfulLinks in my signature.
Title: Re: Hijackthis Log (Part 2 of 2)
Post by: Eddy on January 31, 2005, 03:21:36 PM
Well, actually the analyzer says this:
(I have, of course, the latest databases that are not yet released ;) )
--------------------------------------------------------------------------------
CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:
--------------------------------------------------------------------------------
You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.

--------------------------------------------------------------------------------
THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
--------------------------------------------------------------------------------
\program files\msn apps\updater\01.02.3000.1001\en-us\msnappau.exe
\program files\istsvc\istsvc.exe
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = localhost
o2 - bho: realbar - {4e7bd74f-2b8d-469e-c0ff-fd60b590a87d} - c:\progra~1\common~1\real\toolbar\realbar.dll
o2 - bho: msntoolbandbho - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o2 - bho: sdwin32 class - {de8056a1-d17f-4186-9979-13961036b2bf} - c:\windows\system\fbpje.dll (file missing)
o3 - toolbar: realbar - {4e7bd74f-2b8d-469e-c0ff-fd60b590a87d} - c:\progra~1\common~1\real\toolbar\realbar.dll
o3 - toolbar: msn - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
o3 - toolbar: (no name) - {2cde1a7d-a478-4291-bf31-e1b4c16f92eb} - (no file)
o4 - hklm\..\run: [systemtray] systray.exe
o4 - hklm\..\run: [satmat] c:\windows\satmat.exe
o4 - hklm\..\run: [xuudjldgseqa] c:\windows\system\zpfujj.exe
o4 - hklm\..\run: [ist service] c:\program files\istsvc\istsvc.exe
o4 - hkcu\..\run: [yahoo! pager] 1
o9 - extra button: translate - {06fe5d05-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: av &translate - {06fe5d05-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {06fe5d02-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: &find pages linking to this url - {06fe5d02-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {06fe5d03-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: find other pages on this &host - {06fe5d03-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {06fe5d04-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&lc=0409 (file missing)
o9 - extra 'tools' menuitem: av live - {06fe5d04-8f11-11d2-804f-00105a133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&lc=0409 (file missing)
o9 - extra button: (no name) - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - (no file)
o16 - dpf: {776706ae-caca-4ea3-93df-bb83d9259da9} (mailconfigure class) - http://supportservices.msn.com/us/smtptool/mailcfg.cab
o16 - dpf: {8d83d301-e841-11d1-b155-00600823bcf9} (webline browser integration classes) - http://216.150.210.141/webline/applets/msie40x.cab
o16 - dpf: {d18f962a-3722-4b59-b08d-28bb9eb2281e} (photosctrl class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} (rdxie class) - http://207.188.7.150/2390b183f26318917e06/netzip/rdxie601.cab
o16 - dpf: {f7a05bac-9778-410a-9cde-bfbd4d5d2b7f} (ipix media send class) - http://216.249.24.60/code/ipix-imagewell-ipix.cab
o16 - dpf: {c3dfa998-a486-11d4-aa25-00c04f72daeb} (msn photo upload tool) - http://sc.groups.msn.com/controls/photouc/msnpupld.cab
o16 - dpf: {1d0d9077-3798-49bb-9058-393499174d5d} - file://c:\counter.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab

--------------------------------------------------------------------------------
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
--------------------------------------------------------------------------------
o4 - hklm\..\run: [loadqm] loadqm.exe
o4 - hklm\..\run: [msnappau] "c:\program files\msn apps\updater\01.02.3000.1001\en-us\msnappau.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
o4 - hkcu\..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
o4 - startup: microsoft office.lnk = c:\program files\microsoft office\office\osa9.exe

--------------------------------------------------------------------------------
WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :
--------------------------------------------------------------------------------
\windows\pnguii.exe
o4 - hklm\..\run: [lkx] c:\windows\lkx.exe
o4 - hklm\..\run: [r83r36x] gdiscfg.exe
o4 - hklm\..\run: [4lxjwf] c:\windows\pnguii.exe