Unpack to your desktop and run it. If you have green print at the top then just press Restore Original Hosts then OK.
IF you have red print then press make Hosts Writeable first.
Also download and install ccleaner.exe from
http://www.ccleaner.com. Don't let
it clean anything yet.
Shutdown and restart and
Boot into Safe Mode by tapping the F8 key when you see the PC maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe
Mode menu. Select the top option.
I'm still unable to access the internet. I've tried reloading from Dell CD that came with the computer but no luck. Does Line 010 mean a large disaster? Since i was unable to access the internet, I did run SpyDoctor and Registery Mech. in safe mode, I realize it isn't the cleaner that you suggested.
Here's my new file:
Logfile of HijackThis v1.99.1 Scan saved at 6:50:30 AM, on 10/5/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I ran netsh Winsock reset with success, but still unable to access the internet. I get an error message saying it needs to shut down. I can copy the report, but it is very long.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following, and then press ENTER:
netsh Winsock reset
When the program is finished, you will receive the following message:
Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset.
Restart and see if you can now get to the internet.
The file that is missing in the O10 is part of your wireless service so you may need to reload your wireless card software.
Then File, Save and File, Exit. (The line under the first one is added by the forum. You just need to type the letters.) Close HijackThis and then try to open Internet Explorer.
Any difference now?
Also what happens if you boot into Safe Mode and select the Safe Mode with Networking option?
the internet is trying to start, but a white screen. It is trying to load this site automatically, but then i get the error message that the internet needs to be shut down. Thought this info might help.
Just since the internet has been on in safe mode with network options, i've already had the following pop-ups (let me know if this info isn't helping):
Ok, i'm ON the internet in safe mode with networking options. When i'm in safe mode the screen logo's are huge, as i'm hoping is supposed to be the case.
I'm doing something wrong in hijack this. When i open there are not any options at the top and at the bottom i have "scan and fix stuff" and "other Stuff." So i'm not sure where to find the options that you talk about.
Before i went into safe mode, i got the following pop up along with the already mentioned.
http://64.192.130.141.cgi-bin/keyword V2?query=smilies-microsoft internet explorer
Hoster just corrects any bad entries in your hosts file. Something like 127.0.0.1 semantec.com which would keep you from going to semantec for an antivirus update.
deldomain removes any entries in IE's trusted zone (malware likes to put itself there but it does show up in HijackThis so you know its there) and your restricted zone (malware likes to put antivirus sites there. These do not show up in hijackthis so you don't know they are there until you try to go to them and can't get there.)
ccleaner as I use it clears the files from your temp folders. Another place where malware likes to hide. As a side benefit you get lots of drive space freed up.
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #2
for Run Fix and then press enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer (takes a while)
and when it's finished, notepad will open with a log. Save the log where you can find it again.
The log may be a bit large for this forum. You can send it to me as an attachment directly at rkinner AT att DOT net with subject DELL happy456
I'm still getting pop ups and unable to access the internet outside of safe mode with network options.
Logfile of HijackThis v1.99.1 Scan saved at 8:21:25 PM, on 10/5/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
RKinner
2 Intern
•
5.9K Posts
0
October 5th, 2005 01:00
http://www.funkytoad.com/
IF you have red print then press make Hosts Writeable first.
http://www.mvps.org/winhelp2002/DelDomains.inf and then right click on it and Install.
Also download and install ccleaner.exe from http://www.ccleaner.com. Don't let
it clean anything yet.
Boot into Safe Mode by tapping the F8 key when you see the PC maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe
Mode menu. Select the top option.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {94353D75-83E5-A945-E71F-F57A91EA0CC9} - C:\WINDOWS\system32\lzhfnlj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
O4 - HKLM\..\Run: [cashplusmedia1.exeTR] C:\WINDOWS\system32\cashplusmedia1.exeTR
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
Press Fix Checked and ignore any warnings.
Run ccleaner.exe, uncheck everything on the first page except the two entries
with Temporary and then Run Cleaner.
Reboot into regular mode
Message Edited by RKinner on 10-04-2005 10:00 PM
happy456
48 Posts
0
October 5th, 2005 15:00
Ron, Thank you for your time! Sincerely!
I'm still unable to access the internet. I've tried reloading from Dell CD that came with the computer but no luck. Does Line 010 mean a large disaster? Since i was unable to access the internet, I did run SpyDoctor and Registery Mech. in safe mode, I realize it isn't the cleaner that you suggested.
Here's my new file:
Scan saved at 6:50:30 AM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\RGF2aWQgTWlsb3kA\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell TrueMobile 5100\GPRS Manager.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\rdso\eetu.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GPRSManager] "C:\Program Files\Dell TrueMobile 5100\GPRS Manager.exe" -startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kss4lp.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'vnsp.dll' missing
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.paltalk.com/webclienttest/webclientctl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://eclinicalworks.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\doband.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGF2aWQgTWlsb3kA\command.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
happy456
48 Posts
0
October 5th, 2005 15:00
PS - I just deleted 016 both e-clinical works and paltalk.
The most important file we have is Meditech and would rather not loose, but then again, whatever is necessary.
happy456
48 Posts
0
October 5th, 2005 15:00
I ran netsh Winsock reset with success, but still unable to access the internet. I get an error message saying it needs to shut down. I can copy the report, but it is very long.
RKinner
2 Intern
•
5.9K Posts
0
October 5th, 2005 15:00
At the command prompt, type the following, and then press ENTER:
netsh Winsock reset
When the program is finished, you will receive the following message:
Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset.
Message Edited by RKinner on 10-05-2005 11:45 AM
RKinner
2 Intern
•
5.9K Posts
0
October 5th, 2005 16:00
I wonder what it would do if we fake it out. In HijackThis, Misc Tools, Open Hosts file Manager, then Open in Notepad. Find the line that says
127.0.0.1 localhost
add directly under it these two line:
127.0.0.1 www.icannews.com
127.0.0.1 icannews.com
Then File, Save and File, Exit. (The line under the first one is added by the forum. You just need to type the letters.) Close HijackThis and then try to open Internet Explorer.
Any difference now?
happy456
48 Posts
0
October 5th, 2005 16:00
the internet is trying to start, but a white screen. It is trying to load this site automatically, but then i get the error message that the internet needs to be shut down. Thought this info might help.
www.icannews.com/cgi-bin popup v3? ID = BE8851e6.........
happy456
48 Posts
0
October 5th, 2005 18:00
Just since the internet has been on in safe mode with network options, i've already had the following pop-ups (let me know if this info isn't helping):
http://adopt.hbmediapro.com
http://oascentral.reamedia.com
www.102.coolsavings.com
www.shopathomeselect.com
URG. Thanks again!
Jennifer
happy456
48 Posts
0
October 5th, 2005 18:00
Ok, i'm ON the internet in safe mode with networking options. When i'm in safe mode the screen logo's are huge, as i'm hoping is supposed to be the case.
I'm doing something wrong in hijack this. When i open there are not any options at the top and at the bottom i have "scan and fix stuff" and "other Stuff." So i'm not sure where to find the options that you talk about.
Before i went into safe mode, i got the following pop up along with the already mentioned.
http://64.192.130.141.cgi-bin/keyword V2?query=smilies-microsoft internet explorer
Jennifer
happy456
48 Posts
0
October 5th, 2005 18:00
happy456
48 Posts
0
October 5th, 2005 19:00
I ran the ccleaner and others that you first instructed.
I will resend my hijack log shortly.
I'm stuck on the L2mfix. I have ONE icon on the computer. So i have it installed, but another folder doesn't appear. I'm doing something wrong!
happy456
48 Posts
0
October 5th, 2005 19:00
RKinner
2 Intern
•
5.9K Posts
0
October 5th, 2005 19:00
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #2 for Run Fix and then press enter,
then press any key to reboot your computer.
After a reboot, your desktop and icons will appear,
then disappear (this is normal).
L2mfix will continue to scan your computer (takes a while)
and when it's finished, notepad will open with a log.
Save the log where you can find it again.
RKinner
2 Intern
•
5.9K Posts
0
October 5th, 2005 22:00
C:\WINDOWS\system32\doband.dll
Run HijackThis and do a scan only and check this line:
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\doband.dll
Hopefully it says file missing or no file now.
Let's see a new log file.
Ron
happy456
48 Posts
0
October 6th, 2005 00:00
Scan saved at 8:21:25 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O2 - BHO: (no name) - {5C513940-DA61-A29D-0FEE-868B59304CDC} - C:\WINDOWS\system32\pjhdgebb\eqgjjbam.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {F350B920-1729-BC6A-A8D9-69849AE01E38} - C:\WINDOWS\Lnxhprcb.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\SYSTEM32\communicator.dll
O3 - Toolbar: Search - {70EAF3CE-2CDD-71E3-B94B-7D29D82071B4} - C:\WINDOWS\Lnxhprcb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GPRSManager] "C:\Program Files\Dell TrueMobile 5100\GPRS Manager.exe" -startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [xcuhg] C:\WINDOWS\system32\bvqaap\xcuhg.exe
O4 - HKLM\..\Run: [tgmw] C:\WINDOWS\system32\sjxoxpnx\tgmw.exe
O4 - HKLM\..\Run: [euldica] C:\WINDOWS\system32\yhoed\euldica.exe
O4 - HKLM\..\Run: [uojnemjx] C:\WINDOWS\system32\awaeku\uojnemjx.exe
O4 - HKLM\..\Run: [tbhgtt] C:\WINDOWS\system32\radg\tbhgtt.exe
O4 - HKLM\..\Run: [whkc] C:\WINDOWS\system32\tckt\whkc.exe
O4 - HKLM\..\Run: [xyyygib] C:\WINDOWS\system32\fhyhsubc\xyyygib.exe
O4 - HKLM\..\Run: [cqqye] C:\WINDOWS\system32\nvowr\cqqye.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [okusqemgcd] c:\windows\system32\okusqemgcd.exe -start
O4 - HKLM\..\Run: [mc-58-12-] C:\WINDOWS\system32\mc-58-12-
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\niirat.exe reg_run
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe
O4 - HKLM\..\Run: [owsq] C:\WINDOWS\system32\tnirvsta\owsq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt rbnd
O4 - HKCU\..\Run: [webbcc] C:\WINDOWS\system32\webbcc.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [webbcc] C:\WINDOWS\system32\webbcc.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: diip.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'vnsp.dll' missing
O20 - AppInit_DLLs: repairs302972943.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGF2aWQgTWlsb3kA\command.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: owsqtnirvsta - Unknown owner - C:\WINDOWS\system32\tnirvsta\owsq.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: whkctckt - Unknown owner - C:\WINDOWS\system32\tckt\whkc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE