Hijackthis Log help please

bushido brown · 04-27-2006, 04:26 AM

My mother downloaded a virus onto her account name and now we cant get on hers. When we get on her account we cant click on anything and she is the registered as the administrator.. this is my hijackthis log please help...

Logfile of HijackThis v1.99.1
Scan saved at 10:19:50 PM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\veriogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wgp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wodtfaaa.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gail\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe,veriogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\veriogon.exe,C:\Documents and Settings\nick coffey\Application Data\Explorer\veriogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaxCrypt] C:\Program Files\MaxCrypt v1.10\MaxCrypt.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\program files\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Windows System] wodtfaaa.exe
O4 - HKLM\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Windows System] wodtfaaa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Media Player] C:\Documents and Settings\Gail\Application Data\Explorer\veriogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: Media Themes - {938B49B5-0F06-4461-AB97-AAD3342CD2BA} - C:\WINDOWS\system32\wowddisp.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - E:\program files\iPod\bin\iPodService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

**Buzz1927** · 04-27-2006, 05:41 PM

We'll need to see a Hijackthis log on your mother's account, does everything work ok in safemode?
Let's clean your log up.

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

F2 - REG:system.ini: Shell=Explorer.exe,veriogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\veriogon.exe,C:\Documents and Settings\nick coffey\Application Data\Explorer\veriogon.exe
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O4 - HKLM\..\Run: [Microsoft Windows System] wodtfaaa.exe
O4 - HKLM\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Windows System] wodtfaaa.exe
O4 - HKCU\..\Run: [Media Player] C:\Documents and Settings\Gail\Application Data\Explorer\veriogon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O21 - SSODL: Media Themes - {938B49B5-0F06-4461-AB97-AAD3342CD2BA} - C:\WINDOWS\system32\wowddisp.dll

Close all open windows and browsers, and hit "Fix Checked".

Download Avenger from here:
http://swandog46.geekstogo.com/

Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:

Files to delete:
C:\WINDOWS\system32\veriogon.exe
C:\Documents and Settings\nick coffey\Application Data\Explorer\veriogon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Documents and Settings\Gail\Application Data\Explorer\veriogon.exe
C:\WINDOWS\system32\wowddisp.dll
C:\WINDOWS\system32\wodtfaaa.exe

and click 'Done'

Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.

After the restart, post a new Hijackthis log.

bushido brown · 05-01-2006, 12:46 AM

k here is my new Hijackthis log after i followed your directions
Logfile of HijackThis v1.99.1
Scan saved at 6:41:53 PM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\wgp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\program files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
F2 - REG:system.ini: Shell=explorer.exe,veriogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDO WS\system32\veriogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MaxCrypt] C:\Program Files\MaxCrypt v1.10\MaxCrypt.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe
O4 - Startup: LimeWire On Startup.lnk = E:\program files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: Media Themes - {51333D0C-2CA4-446D-BCB4-40D4BB993095} - C:\WINDOWS\system32\wowddisp.dll
O23 - Service: iPodService - Apple Computer, Inc. - E:\program files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

04-27-2006, 04:26 AM	#1 (permalink)
bushido brown New Member Join Date: Apr 2006 Posts: 9	Hijackthis Log help please My mother downloaded a virus onto her account name and now we cant get on hers. When we get on her account we cant click on anything and she is the registered as the administrator.. this is my hijackthis log please help... Logfile of HijackThis v1.99.1 Scan saved at 10:19:50 PM, on 4/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\veriogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\wgp.exe C:\Program Files\MessengerPlus! 3\MsgPlus1.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\wodtfaaa.exe C:\Program Files\winupdates\winupdates.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Gail\Desktop\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe,veriogon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\veriogon.exe,C:\Documents and Settings\nick coffey\Application Data\Explorer\veriogon.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MaxCrypt] C:\Program Files\MaxCrypt v1.10\MaxCrypt.exe O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iTunesHelper] "E:\program files\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Windows System] wodtfaaa.exe O4 - HKLM\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\RunServices: [Microsoft Windows System] wodtfaaa.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Media Player] C:\Documents and Settings\Gail\Application Data\Explorer\veriogon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: Media Themes - {938B49B5-0F06-4461-AB97-AAD3342CD2BA} - C:\WINDOWS\system32\wowddisp.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - E:\program files\iPod\bin\iPodService.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

04-27-2006, 05:41 PM	#2 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 7,582	We'll need to see a Hijackthis log on your mother's account, does everything work ok in safemode? Let's clean your log up. Run Hijackthis and select "Do a system scan only", place a check by the following entries. F2 - REG:system.ini: Shell=Explorer.exe,veriogon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\veriogon.exe,C:\Documents and Settings\nick coffey\Application Data\Explorer\veriogon.exe O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll O4 - HKLM\..\Run: [Microsoft Windows System] wodtfaaa.exe O4 - HKLM\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\RunServices: [Microsoft Windows System] wodtfaaa.exe O4 - HKCU\..\Run: [Media Player] C:\Documents and Settings\Gail\Application Data\Explorer\veriogon.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYUS O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab O21 - SSODL: Media Themes - {938B49B5-0F06-4461-AB97-AAD3342CD2BA} - C:\WINDOWS\system32\wowddisp.dll Close all open windows and browsers, and hit "Fix Checked". Download Avenger from here: http://swandog46.geekstogo.com/ Open the program. Check the 'Input script manually' option. Click the Magnifying Glass icon. In the box that opens, paste this: Files to delete: C:\WINDOWS\system32\veriogon.exe C:\Documents and Settings\nick coffey\Application Data\Explorer\veriogon.exe C:\Program Files\winupdates\winupdates.exe C:\Documents and Settings\Gail\Application Data\Explorer\veriogon.exe C:\WINDOWS\system32\wowddisp.dll C:\WINDOWS\system32\wodtfaaa.exe and click 'Done' Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC. After the restart, post a new Hijackthis log. __________________ Son of Glyndwr Mae hen wlad fy nhadau yn annwyl i mi

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

05-01-2006, 12:46 AM	#3 (permalink)
bushido brown New Member Join Date: Apr 2006 Posts: 9	k here is my new Hijackthis log after i followed your directions Logfile of HijackThis v1.99.1 Scan saved at 6:41:53 PM, on 4/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\system32\wgp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe E:\program files\LimeWire\LimeWire.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033 F2 - REG:system.ini: Shell=explorer.exe,veriogon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDO WS\system32\veriogon.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [MaxCrypt] C:\Program Files\MaxCrypt v1.10\MaxCrypt.exe O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Media Player] C:\WINDOWS\system32\veriogon.exe O4 - Startup: LimeWire On Startup.lnk = E:\program files\LimeWire\LimeWire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: Media Themes - {51333D0C-2CA4-446D-BCB4-40D4BB993095} - C:\WINDOWS\system32\wowddisp.dll O23 - Service: iPodService - Apple Computer, Inc. - E:\program files\iPod\bin\iPodService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe