Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
Scan saved at 9:48:09 PM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\netwy32.exe
C:\WINDOWS\addfd.exe
C:\WINDOWS\System32\wrphho.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Application Data\sosa.exe
C:\WINDOWS\System32\nvlm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tnkfi.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://tnkfi.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://tnkfi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tnkfi.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tnkfi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tnkfi.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://tnkfi.dll/index.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {910C0916-F0CB-AF9F-5171-D6E388933C0A} - C:\WINDOWS\system32\adddb.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [addfd.exe] C:\WINDOWS\addfd.exe
O4 - HKLM\..\Run: [jhzxontn] C:\WINDOWS\System32\wrphho.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aute] C:\Documents and Settings\Owner\Application Data\sosa.exe
O4 - HKCU\..\Run: [Duf] C:\WINDOWS\System32\nvlm.exe
O4 - HKLM\..\RunOnce: [netwy32.exe] C:\WINDOWS\netwy32.exe
O4 - HKLM\..\RunOnce: [addwq32.exe] C:\WINDOWS\system32\addwq32.exe
O4 - HKLM\..\RunOnce: [ntmo.exe] C:\WINDOWS\ntmo.exe
O4 - HKLM\..\RunOnce: [ntcf.exe] C:\WINDOWS\system32\ntcf.exe
O4 - HKLM\..\RunOnce: [atlmp.exe] C:\WINDOWS\atlmp.exe
O4 - HKLM\..\RunOnce: [winef.exe] C:\WINDOWS\system32\winef.exe
O4 - HKLM\..\RunOnce: [winru.exe] C:\WINDOWS\system32\winru.exe
O4 - HKLM\..\RunOnce: [ipit32.exe] C:\WINDOWS\ipit32.exe
O4 - HKLM\..\RunOnce: [ipgj32.exe] C:\WINDOWS\ipgj32.exe
O4 - HKLM\..\RunOnce: [d3ho.exe] C:\WINDOWS\d3ho.exe
O4 - HKLM\..\RunOnce: [d3lh.exe] C:\WINDOWS\system32\d3lh.exe
O4 - HKLM\..\RunOnce: [ieuf32.exe] C:\WINDOWS\system32\ieuf32.exe
O4 - HKLM\..\RunOnce: [sysyb.exe] C:\WINDOWS\sysyb.exe
O4 - HKLM\..\RunOnce: [apiyd.exe] C:\WINDOWS\apiyd.exe
O4 - HKLM\..\RunOnce: [javarz32.exe] C:\WINDOWS\system32\javarz32.exe
O4 - HKLM\..\RunOnce: [mfcdv32.exe] C:\WINDOWS\mfcdv32.exe
O4 - HKLM\..\RunOnce: [atllq.exe] C:\WINDOWS\atllq.exe
O4 - HKLM\..\RunOnce: [ntud.exe] C:\WINDOWS\ntud.exe
O4 - HKLM\..\RunOnce: [ntgc32.exe] C:\WINDOWS\ntgc32.exe
O4 - HKLM\..\RunOnce: [atlux32.exe] C:\WINDOWS\atlux32.exe
O4 - HKLM\..\RunOnce: [sysdt.exe] C:\WINDOWS\sysdt.exe
O4 - HKLM\..\RunOnce: [crci.exe] C:\WINDOWS\crci.exe
O4 - HKLM\..\RunOnce: [crbm32.exe] C:\WINDOWS\crbm32.exe
O4 - HKLM\..\RunOnce: [winli32.exe] C:\WINDOWS\system32\winli32.exe
O4 - HKLM\..\RunOnce: [javaih.exe] C:\WINDOWS\javaih.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\npqmkecy.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8173.4193518519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
