system:
Microsoft Windows XP
Professional
Version 2002
Service Pack 1
Computer:
AMD Athlon(TM)XP 2500+
1.83GHz
256MB of RAM
ok the lists are kinda long
Bazooka
Bazooka Scanner v1.13.03
www.kephyr.com/spywarescanner/www.kephyr.com/spywarescanner/library/support@kephyr.com
Log created 19:53:31.
OS: Windows NT 5.1
Database version: 3.090000
Database format version: 1.020000
Database date: 20051005
Current date: 2005-10-26 19:53
****************************************
Result when scanning:
2ndthought Adware 544.644.002 %ProgramsDir%\STC\
C:\Program Files\STC\
www.kephyr.com/spywarescanner/library/2ndthoughtadware/index.phtmlBookedSpace 100.200.302 {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
www.kephyr.com/spywarescanner/library/bookedspace/index.phtmlBullsEye 433.111.901 %ProgramsDir%\BullsEye Network\
C:\Program Files\BullsEye Network\
www.kephyr.com/spywarescanner/library/bullseye/index.phtmlBullsEye 433.111.902 {F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
www.kephyr.com/spywarescanner/library/bullseye/index.phtmlDyFuCa 834.800.000 {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
www.kephyr.com/spywarescanner/library/dyfuca/index.phtmlExploit ebs.fuck-access.com 344.924.001 %SystemDir%\SahImages
C:\WINDOWS\System32\\SahImages
www.kephyr.com/spywarescanner/library/exploit-ebs.fuck-access.com/index.phtmlExploit searchterror.com 344.777.002 c:\tmp.txt
c:\tmp.txt
www.kephyr.com/spywarescanner/library/exploit-searchterror.com/index.phtmlExploit crackz.ws-1 544.234.000 {00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
www.kephyr.com/spywarescanner/library/exploit-crackz.ws-1/index.phtmlExploit Hiconvert.com 544.344.002 %SystemDir%\bbchk.exe
C:\WINDOWS\System32\\bbchk.exe
www.kephyr.com/spywarescanner/library/exploit-highconvert.com/index.phtmlInternet Optimizer 123.000.000 nem220.dll
www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtmlInternet Optimizer 123.000.003 %ProgramsDir%\Internet Optimizer\
C:\Program Files\Internet Optimizer\
www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtmlMirar Toolbar.winnb51 932.700.000 {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
www.kephyr.com/spywarescanner/library/mirartoolbar.winnb51/index.phtmlMirar Toolbar.winnb51 932.700.001 {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
www.kephyr.com/spywarescanner/library/mirartoolbar.winnb51/index.phtmlShopAtHomeSelect 123.000.444
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent\DisplayName
www.kephyr.com/spywarescanner/library/shopathomeselect/index.phtmlShopAtHomeSelect 123.000.445 %SystemDir%\SahAgent.exe
C:\WINDOWS\System32\\SahAgent.exe
www.kephyr.com/spywarescanner/library/shopathomeselect/index.phtmlWebOffer.wo 232.634.000 eZWO
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\eZWO
www.kephyr.com/spywarescanner/library/weboffer.wo/index.phtml****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Mommy\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Mommy\Start Menu\Programs\Startup\desktop.ini
Go here to analyse the startup entries and the associated files:
www.kephyr.com/filedb/index.php****************************************
Run entries:
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
pccguide.exe "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\pccguide.exe
PCCClient.exe "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCCClient.exe
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe
800947adcbf9 C:\WINDOWS\System32\browser9.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\800947adcbf9
REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\REGSHAVE
NaviSearch C:\Program Files\NaviSearch\bin\nls.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NaviSearch
406b326d9f04 C:\WINDOWS\System32\cewmdm37.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\406b326d9f04
LXSUPMON C:\WINDOWS\System32\LXSUPMON.EXE RUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LXSUPMON
Smapp C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Smapp
cfgmgr52 RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cfgmgr52
WMC_AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WMC_AutoUpdate
h3sm22b4 C:\WINDOWS\System32\h3sm22b4.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\h3sm22b4
BearShare "C:\Program Files\BearShare\BearShare.exe" /pause
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BearShare
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
OSS C:\windows\rlvknlg.exe -boot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OSS
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe /k
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ctfmon.exe
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM
eZWO C:\PROGRA~1\Web Offer\wo.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\eZWO
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager
prqtect C:\WINDOWS\System32\prqtect.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\prqtect
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe /k
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ctfmon.exe
Go here to analyse the run entries and the associated files:
www.kephyr.com/filedb/index.php****************************************
Browser helper objects:
{00000010-6F7D-442C-93E3-4A4827C2E4C8} not set C:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} not set C:\WINDOWS\cfgmgr52.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
{01923280-60AE-1F37-5324-076179ABDB22} not set C:\WINDOWS\Nqyyxpgp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01923280-60AE-1F37-5324-076179ABDB22}
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} not set C:\WINDOWS\system32\9qod.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3}
{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} not set C:\WINDOWS\wsem302.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} Related Page C:\WINDOWS\System32\WinNB57.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} C:\WINDOWS\System32\nvms.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
{F4E04583-354E-4076-BE7D-ED6A80FD66DA} C:\WINDOWS\System32\msbe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
****************************************
Toolbars:
{B17890BA-EC9E-3B47-86C1-CF353D9B55A5} C:\WINDOWS\Nqyyxpgp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B17890BA-EC9E-3B47-86C1-CF353D9B55A5}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} C:\WINDOWS\System32\WinNB57.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} C:\Program Files\AIM Toolbar\AIMBar.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{40D41A8B-D79B-43D7-99A7-9EE0F344C385}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
{A166C1B0-5CDB-447A-894A-4B9FD7149D51} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
LEXBCES.EXE
spoolsv.exe
MDM.EXE
nvsvc32.exe
SMAgent.exe
Tmntsrv.exe
wdfmgr.exe
PCCPFW.exe
explorer.exe
realsched.exe
pccguide.exe
PCCClient.exe
wuauclt.exe
Pop3trap.exe
browser9.exe
nls.exe
cewmdm37.exe
LXSUPMON.EXE
SMTray.exe
h3sm22b4.exe
iTunesHelper.exe
iexplore.exe
qttask.exe
rlvknlg.exe
iPodService.exe
msnmsgr.exe
aim.exe
wo.exe
YPager.exe
prqtect.exe
prqtect.exe
ctfmon.exe
WINWORD.EXE
iexplore.exe
rundll32.exe
wmiprvse.exe
spywarescanner.exe
Go here to analyse the running processes:
www.kephyr.com/filedb/index.php****************************************
Internet Explorer Settings:
Default_Page_URL
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant
www.exactsearch.net/sidesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch
ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Bar file://C:\WINDOWS\System32\Searchx.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Search Page
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
****************************************
hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 7:57:19 PM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\System32\browser9.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINDOWS\System32\cewmdm37.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\h3sm22b4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\rlvknlg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\prqtect.exe
C:\WINDOWS\System32\prqtect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mommy\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.exactsearch.net/sidesearchR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.comR3 - URLSearchHook: (no name) - {A6CAA95D-CD50-F454-9981-E5AD6FE403AE} - C:\WINDOWS\Nqyyxpgp.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: (no name) - {01923280-60AE-1F37-5324-076179ABDB22} - C:\WINDOWS\Nqyyxpgp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\9qod.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Search - {B17890BA-EC9E-3B47-86C1-CF353D9B55A5} - C:\WINDOWS\Nqyyxpgp.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [800947adcbf9] C:\WINDOWS\System32\browser9.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [406b326d9f04] C:\WINDOWS\System32\cewmdm37.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kdkkdk.exe reg_run
O4 - HKLM\..\Run: [h3sm22b4] C:\WINDOWS\System32\h3sm22b4.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSS] C:\windows\rlvknlg.exe -boot
O4 - HKLM\..\RunOnce: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe /k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [prqtect] C:\WINDOWS\System32\prqtect.exe
O4 - HKCU\..\RunOnce: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe /k
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
awbeta.net-nucleus.com (HKLM)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118613525131O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
was that what you needed? I am sorry I am hopeless when it comes to computers.