I WAS TRYING TO GET RID OF AN APPLICATION ERROR...RWINSOCKET: TTG.exe...SO I RAN...RAV (ONLINE)VIRUS SCAN AND THIS IS WHAT I GET....... Scanned files: 58913 Scanned directories: 3776 Scanned archives: 6378 Size of the scanned files: 1691830472 Packed files: 1121 Known viruses found: 55 Virus bodies: 6 Suspicious files: 4 Disinfected files: 0 Deleted files: 0 Renamed files: 0 Copied files: 0 I/O errors: 0 Warnings: 0 Corrupted files: 0 New files: 234302 Mail files: 125 Found viruses File: C:\WINNT\system32\security\bin\abc2.dll Virus: Backdoor:IRC/Cloner.O* Status: Infected File: C:\WINNT\system32\security\bin\script.ini Virus: Trojan:IRC/Flood.CM* Status: Infected File: C:\WINNT\system32\security\bin\script1.ini Virus: IRC/Generic* Status: Suspicious File: C:\WINNT\system32\security\bin\script2.ini Virus: IRC/Generic* Status: Suspicious File: C:\WINNT\system32\security\bin\secure.exe Virus: Trojan:Win32/DelShare Status: Infected File: C:\WINNT\system32\security\bin\SERV-U.INI Virus: Trojan:IRC/Flood.CM* Status: Infected File: C:\WINNT\system32\security\bin\winnnt.exe->(UPXW) Virus: Win32/SpyBot.gen!p2p Status: Infected File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->abc2.dll Virus: Backdoor:IRC/Cloner.O* Status: Infected File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->script.ini Virus: Trojan:IRC/Flood.CM* Status: Infected File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->script1.ini Virus: IRC/Generic* Status: Suspicious File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->script2.ini Virus: IRC/Generic* Status: Suspicious File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->secure.exe Virus: Trojan:Win32/DelShare Status: Infected File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->SERV-U.INI Virus: Trojan:IRC/Flood.CM* Status: Infected File: C:\WINNT\system32\security\bin\cpy.exe->(UPXW)->(RARSfx)->winnnt.exe->(UPXW) Virus: Win32/SpyBot.gen!p2p Status: Infected File: C:\WINNT\system32\security\bin\runme633224.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme624248.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme229432.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme251477.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme694658.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme427536.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme852734.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme247725.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme239886.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme296371.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme898749.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme487341.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme573712.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme963378.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme622878.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme312231.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme654527.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme642868.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme786924.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme572669.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme368484.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme225254.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme323542.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme867351.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme676232.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme176568.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme693765.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme574475.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme626956.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme673779.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme373855.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme658614.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme378229.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme669848.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme822431.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme417767.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme842117.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme152321.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme496286.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme513181.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme483379.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme158176.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\WINNT\system32\security\bin\runme688222.bat Virus: Trojan:BAT/Passer.A* Status: Infected File: C:\Documents and Settings\Administrator\Local Settings\Temp\ClrSchP010.exe Virus: Backdoor:Win32/Ruledor.B Status: Infected File: C:\Program Files\ClearSearch\Loader.exe Virus: Backdoor:Win32/Ruledor.B Status: Infected .....SO I TRIED TO ERASE THE HOST FILE IN WINNT SYS32 BUT IT WOULDN'T LET ME...IS THERE ANY WAY I COULD FIX THIS...IF SOMEONE COULD HELP...I WOULD APPRECIATE IT... THANKS, ANDY

Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply. HijackThis!

I RAN HIJACKED AND THIS IS WHAT I GET.... Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\hidserv.exe C:\Documents and Settings\Administrator\Desktop\ident\Identd.exe C:\Program Files\Norton Utilities\NPROTECT.exe C:\WINNT\System32\QCONSVC.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINNT\system32\ZONELABS\vsmon.exe C:\WINNT\wanmpsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\iVasion\WinPoET\WrOS.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\WINNT\System32\tp4serv.exe C:\WINNT\AGRSMMSG.exe C:\WINNT\System32\PRPCUI.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe C:\WINNT\System32\RunDll32.exe C:\WINNT\system32\dla\tfswctrl.exe C:\Program Files\Winamp\Winampa.exe C:\WINNT\loadqm.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\Webroot\Accelerate\accelerate.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe C:\WINNT\Sys32Smm.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\winnt\system32\security\bin\secure.exe C:\WINNT\System32\net.exe C:\Program Files\Norton Utilities\SYSDOC32.exe C:\WINNT\System32\net1.exe C:\Program Files\IMsecure\IMsecure.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Documents and Settings\Administrator\My Documents\HTML\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:/// R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.searchforge.com/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.searchforge.com/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.searchforge.com/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.searchforge.com/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.searchforge.com/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.searchforge.com/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.searchforge.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.searchforge.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.searchforge.com/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/ R3 - URLSearchHook: (no name) - {01A9EB7D-69BC-11D2-AB2F-204C4F4F5020} - (no file) F2 - REG:system.ini: UserInit= O1 - Hosts: 66.159.20.52 www1.ndhosting.com O1 - Hosts: 66.159.20.52 www3.ndhosting.com O1 - Hosts: 66.159.20.52 www2.ndhosting.com O1 - Hosts: 66.159.20.52 www.ndhosting.com O1 - Hosts: 66.159.20.52 www.kinghost.com O1 - Hosts: 66.159.20.52 kinghost.com O1 - Hosts: 66.159.20.52 www1.kinghost.com O1 - Hosts: 66.159.20.52 www2.kinghost.com O1 - Hosts: 66.159.20.52 www3.kinghost.com O1 - Hosts: 66.159.20.52 www4.kinghost.com O1 - Hosts: 66.159.20.52 www5.kinghost.com O1 - Hosts: 66.159.20.52 www6.kinghost.com O1 - Hosts: 66.159.20.52 www7.kinghost.com O1 - Hosts: 66.159.20.52 www8.kinghost.com O1 - Hosts: 66.159.20.52 www9.kinghost.com O1 - Hosts: 66.159.20.52 www10.kinghost.com O1 - Hosts: 66.159.20.52 www.smutserver.com O1 - Hosts: 66.159.20.52 smutserver.com O1 - Hosts: 66.159.20.52 www1.smutserver.com O1 - Hosts: 66.159.20.52 www2.smutserver.com O1 - Hosts: 66.159.20.52 www16.smutserver.com O1 - Hosts: 66.159.20.52 www3.smutserver.com O1 - Hosts: 66.159.20.52 www4.smutserver.com O1 - Hosts: 66.159.20.52 www5.smutserver.com O1 - Hosts: 66.159.20.52 www6.smutserver.com O1 - Hosts: 66.159.20.52 www7.smutserver.com O1 - Hosts: 66.159.20.52 www8.smutserver.com O1 - Hosts: 66.159.20.52 www9.smutserver.com O1 - Hosts: 66.159.20.52 www10.smutserver.com O1 - Hosts: 66.159.20.52 www11.smutserver.com O1 - Hosts: 66.159.20.52 www12.smutserver.com O1 - Hosts: 66.159.20.52 www13.smutserver.com O1 - Hosts: 66.159.20.52 www14.smutserver.com O1 - Hosts: 66.159.20.52 www15.smutserver.com O1 - Hosts: 66.159.20.52 www17.smutserver.com O1 - Hosts: 66.159.20.52 www18.smutserver.com O1 - Hosts: 66.159.20.52 www19.smutserver.com O1 - Hosts: 66.159.20.52 www20.smutserver.com O1 - Hosts: 66.159.20.52 www21.smutserver.com O1 - Hosts: 66.159.20.52 www22.smutserver.com O1 - Hosts: 66.159.20.52 www23.smutserver.com O1 - Hosts: 66.159.20.52 www24.smutserver.com O1 - Hosts: 66.159.20.52 www25.smutserver.com O1 - Hosts: 66.159.20.52 www26.smutserver.com O1 - Hosts: 66.159.20.52 www27.smutserver.com O1 - Hosts: 66.159.20.52 www28.smutserver.com O1 - Hosts: 66.159.20.52 www29.smutserver.com O1 - Hosts: 66.159.20.52 www30.smutserver.com O1 - Hosts: 66.159.20.52 www31.smutserver.com O1 - Hosts: 66.159.20.52 www32.smutserver.com O1 - Hosts: 66.159.20.52 agreathost.net O1 - Hosts: 66.159.20.52 www.agreathost.net O1 - Hosts: 66.159.20.52 hotfreehost.com O1 - Hosts: 66.159.20.52 www.hotfreehost.com O1 - Hosts: 66.159.20.52 greatfreehost.com O1 - Hosts: 66.159.20.52 www.greatfreehost.com O1 - Hosts: 66.159.20.52 freesmutpages.com O1 - Hosts: 66.159.20.52 www.freesmutpages.com O1 - Hosts: 66.159.20.52 apornhost.com O1 - Hosts: 66.159.20.52 www.apornhost.com O1 - Hosts: 66.159.20.52 nasty-pages.com O1 - Hosts: 66.159.20.52 www.nasty-pages.com O1 - Hosts: 66.159.20.52 sexyfreehost.com O1 - Hosts: 66.159.20.52 www.sexyfreehost.com O1 - Hosts: 66.159.20.52 x4web.com O1 - Hosts: 66.159.20.52 www.x4web.com O1 - Hosts: 66.159.20.52 sexplanets.com O1 - Hosts: 66.159.20.52 www.sexplanets.com O1 - Hosts: 66.159.20.52 maxismut.com O1 - Hosts: 66.159.20.52 www.maxismut.com O1 - Hosts: 66.159.20.52 tgpfriendly.com O1 - Hosts: 66.159.20.52 www.tgpfriendly.com O1 - Hosts: 66.159.20.52 tgp-server.com O1 - Hosts: 66.159.20.52 www.tgp-server.com O1 - Hosts: 66.159.20.52 magnaplza.com O1 - Hosts: 66.159.20.52 www.magnaplza.com O1 - Hosts: 66.159.20.52 free-xxx-server.com O1 - Hosts: 66.159.20.52 www.free-xxx-server.com O1 - Hosts: 66.159.20.52 libereco.net O1 - Hosts: 66.159.20.52 www.libereco.net O1 - Hosts: 66.159.20.52 0190-dialer.com O1 - Hosts: 64.135.204.60 www.0190-dialer.com O1 - Hosts: 66.159.20.52 xxxod.net O1 - Hosts: 66.159.20.52 www.xxxod.net O1 - Hosts: 66.159.20.52 altsights.com O1 - Hosts: 66.159.20.52 www.altsights.com O1 - Hosts: 66.159.20.52 adulthosting.com O1 - Hosts: 66.159.20.52 www.adulthosting.com O1 - Hosts: 66.159.20.52 superhova.com O1 - Hosts: 66.159.20.52 www.superhova.com O1 - Hosts: 66.159.20.52 bestpornhost.com O1 - Hosts: 66.159.20.52 www.bestpornhost.com O1 - Hosts: 66.159.20.52 hostingfree.com O1 - Hosts: 66.159.20.52 www.hostingfree.com O1 - Hosts: 66.159.20.52 xfreehosting.com O1 - Hosts: 66.159.20.52 www.xfreehosting.com O1 - Hosts: 66.159.20.52 blinghosting.com O1 - Hosts: 66.159.20.52 www.blinghosting.com O1 - Hosts: 66.159.20.52 x-x-x-hosting.com O1 - Hosts: 66.159.20.52 www.x-x-x-hosting.com O1 - Hosts: 66.159.20.52 pornparks.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINNT\System32\DReplace.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Winsock2] WINNNT.exe O4 - HKLM\..\Run: [rundll134] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe O4 - HKLM\..\Run: [rundll777] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\mdll.exe O4 - HKLM\..\Run: [rundll946] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\secure.bat O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [keymgrldr] rundll32 setupapi,InstallHinfSection Oemkeymgr9x 128 keymgr3.inf O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S O4 - HKCU\..\Run: [asianavenue email alert] C:\Program Files\email alert\asianavenue\asavalert.exe -auto O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [MutexServiceEx] Sys32Smm.exe /run O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://64.124.5.52/Java/cfs31229.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - ftp://download2.us4.outblaze.com/download/asianavenue.com/emailalert/asianavenue_mcea115.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v45/yacscom.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab IS THERE ANY WAY TO GET ALL THIS CRAP OFF MY COMPUTER?? ESPECIALLY THE HOST 66.159.20.52 THAT FLOODED ME WITH ALL THAT XXX CRAP. I DID WHAT YOU TOLD ME..PLEASE REPLY BACK...THANKS, ANDY

Download, unzip and run Process Explorer and end process (kill) on the following: C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe C:\WINNT\Sys32Smm.exe C:\winnt\system32\security\bin\secure.exe C:\WINNT\system32\security\bin\winnnt.exe Process Explorer Then run HijackThis again and check the following items. Next, close all browser Windows, and have HT 'fix checked'. You Must restart your computer in Safe Mode when you're done. O4 - HKLM\..\Run: [Winsock2] WINNNT.exe O4 - HKLM\..\Run: [rundll134] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\ttg.exe O4 - HKLM\..\Run: [rundll777] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\mdll.exe O4 - HKLM\..\Run: [rundll946] C:\WINNT\SYSTEM32\SECURITY\BIN\die.exe C:\WINNT\SYSTEM32\SECURITY\BIN\secure.bat O4 - HKCU\..\Run: [MutexServiceEx] Sys32Smm.exe /run Once in safe mode delete the C:\WINNT\SYSTEM32\SECURITY folder. Reboot to Windows and download and run CWShredder: CWShredder After running CWShredder, reboot and run Hijack again and post a new log.

I DID EXACTLY WHAT YOU SAID...AND THIS IS WHAT I GOT AFTER RERUNING HIJACKED.... Logfile of HijackThis v1.97.5 Scan saved at 3:46:38 AM, on 11/26/2003 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\hidserv.exe C:\Documents and Settings\Administrator\Desktop\ident\Identd.exe C:\Program Files\Norton Utilities\NPROTECT.exe C:\WINNT\System32\QCONSVC.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINNT\system32\ZONELABS\vsmon.exe C:\WINNT\wanmpsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\iVasion\WinPoET\WrOS.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.exe C:\WINNT\System32\tp4serv.exe C:\WINNT\AGRSMMSG.exe C:\WINNT\System32\PRPCUI.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe C:\WINNT\System32\RunDll32.exe C:\Program Files\VERITAS Software\Update Manager\sgtray.exe C:\WINNT\system32\dla\tfswctrl.exe C:\Program Files\Winamp\Winampa.exe C:\WINNT\loadqm.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\Webroot\Accelerate\accelerate.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\Norton Utilities\SYSDOC32.exe C:\Program Files\IMsecure\IMsecure.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Documents and Settings\Administrator\My Documents\HTML\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/ F2 - REG:system.ini: UserInit= O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S O4 - HKCU\..\Run: [asianavenue email alert] C:\Program Files\email alert\asianavenue\asavalert.exe -auto O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://64.124.5.52/Java/cfs31229.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - ftp://download2.us4.outblaze.com/download/asianavenue.com/emailalert/asianavenue_mcea115.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.sc5.yahoo.com/v45/yacscom.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

That looks a whole lot better! Your log is clean. Do a find files for Sys32Smm.exe and email me a zipped copy to analyze. Click my name for the email addy.

Hi, can you help? I seem to have picked up a trojan that is causing some redirects to these porn pages, and possibly slowing things down overall. I'm a little worried about what else it's doing. http://www.kinghost.com/notfound/ http://www.3wisp.com/notfound/ Also, my www.monster.com doesn't seem to open now - going here instead http://service.bfast.com/bfast/click?bfmid=37921049&siteid=39858738&bfpage=text1 , but I can navigate to it through a bookmark from within the site. I deleted cookies, cleared my cache, ran my virus check and Spybot. The Viruscheck quarantined some files, but there has been no effect on this. I ran HijackThis - here's my file. Thanks! Logfile of HijackThis v1.97.7 Scan saved at 11:32:38 PM, on 12/12/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\MMKeybd.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\System32\Keyhost.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Tukati\Redistributor\1\TukatiRedistributor.exe C:\Program Files\Netropa\Traymon.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\WallpaperToy\Wallpapertoy.exe C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\WINWORD.exe C:\Documents and Settings\Paul\Local Settings\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.0&bm=ho_search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A86E437C-015D-4839-A3D3-D3CD086D6ABE} - (no file) O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe O4 - HKCU\..\Run: [Tukati:1] C:\Program Files\Tukati\Redistributor\1\TukatiRedistributor.exe -r:1 -x:1 O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1071201955531 O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.41/0552b04cf73aad417819/netzip/RdxIE.cab O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/ecoaservices/address_book/WebEdition.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} (GigexCtrl ActiveX) - http://www.gigex.com/tv/igor/gigexagent.dll O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37586.8218518519 O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivex.ocx O16 - DPF: {A28ED82F-EB06-4FD7-80C2-07A38488CA60} (MediaProj.VerizonMediaControl) - http://a1040.g.akamai.net/f/1040/759/1h/pic.infospace.com/vzn.dsl/broadband/mc/cab/vznmcplayer.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/verizon/darkorbit/install.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_6.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab