Logfile of HijackThis v1.99.0
Scan saved at 1:35:28 AM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\SK9910DM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
G:\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\inetm\winlogon.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\Cursors\vssabr.exe
C:\WINDOWS\System32\nvsvc32.exe
G:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\inetm\explorer.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\Documents and Settings\Doll.DOLLY\Desktop\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\DOLL~1.DOL\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\DOLL~1.DOL\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlygoodsearch.com/10040/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\DOLL~1.DOL\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\DOLL~1.DOL\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\DOLL~1.DOL\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\DOLL~1.DOL\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll
F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Doll\Application Data\Mozilla\Profiles\default\X0M8CH5P.SLT\prefs.js)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inetm\1.02.05.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [*imgdns] C:\WINDOWS\Tasks\imgdns.exe
O4 - HKLM\..\Run: [*baswin] C:\WINDOWS\Web\baswin.exe
O4 - HKLM\..\Run: [*doclog] C:\WINDOWS\Cursors\doclog.exe
O4 - HKLM\..\Run: [*cabmain] C:\WINDOWS\Help\cabmain.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - HKLM\..\Run: [*iisdos] C:\WINDOWS\msagent\iisdos.exe
O4 - HKLM\..\Run: [*basav] C:\WINDOWS\Registration\basav.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*cas] C:\WINDOWS\Fonts\cas.exe
O4 - HKLM\..\Run: [*msnet] C:\WINDOWS\AppPatch\msnet.exe
O4 - HKLM\..\Run: [*crlog] C:\WINDOWS\ServicePackFiles\crlog.exe
O4 - HKLM\..\Run: [NAV Agent] G:\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [*infomp3] C:\WINDOWS\system\Crescendo\infomp3.exe
O4 - HKLM\..\Run: [*crole] C:\WINDOWS\system32\tenarchlib\crole.exe
O4 - HKLM\..\Run: [*docvss] C:\WINDOWS\AppPatch\docvss.exe
O4 - HKLM\..\Run: [*diskplay] C:\WINDOWS\Config\diskplay.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\security\templates\tapieula.exe
O4 - HKLM\..\Run: [*dllsys] C:\WINDOWS\Tasks\dllsys.exe
O4 - HKLM\..\Run: [*rasnet] C:\WINDOWS\AppPatch\rasnet.exe
O4 - HKLM\..\Run: [*msav] C:\WINDOWS\Help\msav.exe
O4 - HKLM\..\Run: [*odbcreg] C:\WINDOWS\system\Drivers\odbcreg.exe
O4 - HKLM\..\Run: [*wavevb] C:\WINDOWS\Tasks\wavevb.exe
O4 - HKLM\..\Run: [*catrun] C:\WINDOWS\inf\INFBACK\catrun.exe
O4 - HKLM\..\Run: [*jpegkey] C:\WINDOWS\AppPatch\jpegkey.exe
O4 - HKLM\..\Run: [*accad] C:\WINDOWS\Fonts\accad.exe
O4 - HKLM\..\Run: [*inetrun] C:\WINDOWS\Config\inetrun.exe
O4 - HKLM\..\Run: [*svrrun] C:\WINDOWS\Cursors\svrrun.exe
O4 - HKLM\..\Run: [*taskfax] C:\WINDOWS\Registration\taskfax.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [*regiis] C:\WINDOWS\Help\Tours\htmlTour\regiis.exe
O4 - HKLM\..\Run: [*oles] C:\WINDOWS\java\Packages\oles.exe
O4 - HKLM\..\Run: [*faxlog] C:\WINDOWS\Registration\faxlog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [*fontplay] C:\WINDOWS\msagent\CHARS\fontplay.exe
O4 - HKLM\..\Run: [*tapimfc] C:\WINDOWS\system\Crescendo\tapimfc.exe
O4 - HKLM\..\Run: [*iiss] C:\WINDOWS\Registration\iiss.exe
O4 - HKLM\..\Run: [*crs] C:\WINDOWS\Driver Cache\crs.exe
O4 - HKLM\..\Run: [*mainas] C:\WINDOWS\Cursors\mainas.exe
O4 - HKLM\..\RunOnce: [*wavevb] C:\WINDOWS\Tasks\wavevb.exe rerun
O4 - HKLM\..\RunOnce: [*tapieula] C:\WINDOWS\security\templates\tapieula.exe rerun
O4 - HKLM\..\RunOnce: [*msav] C:\WINDOWS\Help\msav.exe rerun
O4 - HKLM\..\RunOnce: [*svrrun] C:\WINDOWS\Cursors\svrrun.exe rerun
O4 - HKLM\..\RunOnce: [*fontplay] C:\WINDOWS\msagent\CHARS\fontplay.exe rerun
O4 - HKLM\..\RunOnce: [*mainas] C:\WINDOWS\Cursors\mainas.exe rerun
O4 - HKLM\..\RunOnce: [*iiss] C:\WINDOWS\Registration\iiss.exe rerun
O4 - HKLM\..\RunOnce: [*crs] C:\WINDOWS\Driver Cache\crs.exe rerun
O4 - HKLM\..\RunOnce: [*imgdns] C:\WINDOWS\Tasks\imgdns.exe rerun
O4 - HKLM\..\RunOnce: [*oles] C:\WINDOWS\java\Packages\oles.exe rerun
O4 - HKLM\..\RunOnce: [*doclog] C:\WINDOWS\Cursors\doclog.exe rerun
O4 - HKLM\..\RunOnce: [*regiis] C:\WINDOWS\Help\Tours\htmlTour\regiis.exe rerun
O4 - HKLM\..\RunOnce: [*catrun] C:\WINDOWS\inf\INFBACK\catrun.exe rerun
O4 - HKLM\..\RunOnce: [*accad] C:\WINDOWS\Fonts\accad.exe rerun
O4 - HKLM\..\RunOnce: [*basav] C:\WINDOWS\Registration\basav.exe rerun
O4 - HKLM\..\RunOnce: [*tapimfc] C:\WINDOWS\system\Crescendo\tapimfc.exe rerun
O4 - HKLM\..\RunOnce: [*jpegkey] C:\WINDOWS\AppPatch\jpegkey.exe rerun
O4 - HKLM\..\RunOnce: [*cabmain] C:\WINDOWS\Help\cabmain.exe rerun
O4 - HKLM\..\RunOnce: [*rasnet] C:\WINDOWS\AppPatch\rasnet.exe rerun
O4 - HKLM\..\RunOnce: [*dllsys] C:\WINDOWS\Tasks\dllsys.exe rerun
O4 - HKLM\..\RunOnce: [*docvss] C:\WINDOWS\AppPatch\docvss.exe rerun
O4 - HKLM\..\RunOnce: [*odbcreg] C:\WINDOWS\system\Drivers\odbcreg.exe rerun
O4 - HKLM\..\RunOnce: [*crlog] C:\WINDOWS\ServicePackFiles\crlog.exe rerun
O4 - HKLM\..\RunOnce: [*faxlog] C:\WINDOWS\Registration\faxlog.exe rerun
O4 - HKLM\..\RunOnce: [*msnet] C:\WINDOWS\AppPatch\msnet.exe rerun
O4 - HKLM\..\RunOnce: [*diskplay] C:\WINDOWS\Config\diskplay.exe rerun
O4 - HKLM\..\RunOnce: [*baswin] C:\WINDOWS\Web\baswin.exe rerun
O4 - HKLM\..\RunOnce: [*inetrun] C:\WINDOWS\Config\inetrun.exe rerun
O4 - HKLM\..\RunOnce: [*iisdos] C:\WINDOWS\msagent\iisdos.exe rerun
O4 - HKLM\..\RunOnce: [*crole] C:\WINDOWS\system32\tenarchlib\crole.exe rerun
O4 - HKLM\..\RunOnce: [*cas] C:\WINDOWS\Fonts\cas.exe rerun
O4 - HKLM\..\RunOnce: [*infomp3] C:\WINDOWS\system\Crescendo\infomp3.exe rerun
O4 - HKLM\..\RunOnce: [*taskfax] C:\WINDOWS\Registration\taskfax.exe rerun
O4 - HKLM\..\RunOnce: [*tcpsrv] C:\WINDOWS\Fonts\tcpsrv.exe rerun
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\Cursors\vssabr.exe ren
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Ran Adaware, and Spybot, also took out the r1's and r0's with HJT.
second log:
Logfile of HijackThis v1.99.0
Scan saved at 2:08:37 AM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inetm\winlogon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\SK9910DM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
G:\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\nvsvc32.exe
G:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Documents and Settings\Doll.DOLLY\Desktop\hjt\HijackThis.exe
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Doll\Application Data\Mozilla\Profiles\default\X0M8CH5P.SLT\prefs.js)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [*imgdns] C:\WINDOWS\Tasks\imgdns.exe
O4 - HKLM\..\Run: [*baswin] C:\WINDOWS\Web\baswin.exe
O4 - HKLM\..\Run: [*doclog] C:\WINDOWS\Cursors\doclog.exe
O4 - HKLM\..\Run: [*cabmain] C:\WINDOWS\Help\cabmain.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - HKLM\..\Run: [*iisdos] C:\WINDOWS\msagent\iisdos.exe
O4 - HKLM\..\Run: [*basav] C:\WINDOWS\Registration\basav.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*cas] C:\WINDOWS\Fonts\cas.exe
O4 - HKLM\..\Run: [*msnet] C:\WINDOWS\AppPatch\msnet.exe
O4 - HKLM\..\Run: [*crlog] C:\WINDOWS\ServicePackFiles\crlog.exe
O4 - HKLM\..\Run: [NAV Agent] G:\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [*infomp3] C:\WINDOWS\system\Crescendo\infomp3.exe
O4 - HKLM\..\Run: [*crole] C:\WINDOWS\system32\tenarchlib\crole.exe
O4 - HKLM\..\Run: [*docvss] C:\WINDOWS\AppPatch\docvss.exe
O4 - HKLM\..\Run: [*diskplay] C:\WINDOWS\Config\diskplay.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\security\templates\tapieula.exe
O4 - HKLM\..\Run: [*dllsys] C:\WINDOWS\Tasks\dllsys.exe
O4 - HKLM\..\Run: [*rasnet] C:\WINDOWS\AppPatch\rasnet.exe
O4 - HKLM\..\Run: [*msav] C:\WINDOWS\Help\msav.exe
O4 - HKLM\..\Run: [*odbcreg] C:\WINDOWS\system\Drivers\odbcreg.exe
O4 - HKLM\..\Run: [*wavevb] C:\WINDOWS\Tasks\wavevb.exe
O4 - HKLM\..\Run: [*catrun] C:\WINDOWS\inf\INFBACK\catrun.exe
O4 - HKLM\..\Run: [*jpegkey] C:\WINDOWS\AppPatch\jpegkey.exe
O4 - HKLM\..\Run: [*accad] C:\WINDOWS\Fonts\accad.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [*oles] C:\WINDOWS\java\Packages\oles.exe
O4 - HKLM\..\Run: [*faxlog] C:\WINDOWS\Registration\faxlog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [*fontplay] C:\WINDOWS\msagent\CHARS\fontplay.exe
O4 - HKLM\..\Run: [*tapimfc] C:\WINDOWS\system\Crescendo\tapimfc.exe
O4 - HKLM\..\Run: [*iiss] C:\WINDOWS\Registration\iiss.exe
O4 - HKLM\..\Run: [*crs] C:\WINDOWS\Driver Cache\crs.exe
O4 - HKLM\..\Run: [*mainas] C:\WINDOWS\Cursors\mainas.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [*tcpsrv] C:\WINDOWS\Fonts\tcpsrv.exe
O4 - HKLM\..\RunOnce: [*cabmain] C:\WINDOWS\Help\cabmain.exe rerun
O4 - HKLM\..\RunOnce: [*baswin] C:\WINDOWS\Web\baswin.exe rerun
O4 - HKLM\..\RunOnce: [*cas] C:\WINDOWS\Fonts\cas.exe rerun
O4 - HKLM\..\RunOnce: [*crole] C:\WINDOWS\system32\tenarchlib\crole.exe rerun
O4 - HKLM\..\RunOnce: [*imgdns] C:\WINDOWS\Tasks\imgdns.exe rerun
O4 - HKLM\..\RunOnce: [*doclog] C:\WINDOWS\Cursors\doclog.exe rerun
O4 - HKLM\..\RunOnce: [*msnet] C:\WINDOWS\AppPatch\msnet.exe rerun
O4 - HKLM\..\RunOnce: [*tapieula] C:\WINDOWS\security\templates\tapieula.exe rerun
O4 - HKLM\..\RunOnce: [*dllsys] C:\WINDOWS\Tasks\dllsys.exe rerun
O4 - HKLM\..\RunOnce: [*jpegkey] C:\WINDOWS\AppPatch\jpegkey.exe rerun
O4 - HKLM\..\RunOnce: [*faxlog] C:\WINDOWS\Registration\faxlog.exe rerun
O4 - HKLM\..\RunOnce: [*accad] C:\WINDOWS\Fonts\accad.exe rerun
O4 - HKLM\..\RunOnce: [*tapimfc] C:\WINDOWS\system\Crescendo\tapimfc.exe rerun
O4 - HKLM\..\RunOnce: [*mainas] C:\WINDOWS\Cursors\mainas.exe rerun
O4 - HKLM\..\RunOnce: [*fontplay] C:\WINDOWS\msagent\CHARS\fontplay.exe rerun
O4 - HKLM\..\RunOnce: [*odbcreg] C:\WINDOWS\system\Drivers\odbcreg.exe rerun
O4 - HKLM\..\RunOnce: [*crs] C:\WINDOWS\Driver Cache\crs.exe rerun
O4 - HKLM\..\RunOnce: [*iiss] C:\WINDOWS\Registration\iiss.exe rerun
O4 - HKLM\..\RunOnce: [*wavevb] C:\WINDOWS\Tasks\wavevb.exe rerun
O4 - HKLM\..\RunOnce: [*catrun] C:\WINDOWS\inf\INFBACK\catrun.exe rerun
O4 - HKLM\..\RunOnce: [*tcpsrv] C:\WINDOWS\Fonts\tcpsrv.exe rerun
O4 - HKLM\..\RunOnce: [*iisdos] C:\WINDOWS\msagent\iisdos.exe rerun
O4 - HKLM\..\RunOnce: [*basav] C:\WINDOWS\Registration\basav.exe rerun
O4 - HKLM\..\RunOnce: [*crlog] C:\WINDOWS\ServicePackFiles\crlog.exe rerun
O4 - HKLM\..\RunOnce: [*oles] C:\WINDOWS\java\Packages\oles.exe rerun
O4 - HKLM\..\RunOnce: [*infomp3] C:\WINDOWS\system\Crescendo\infomp3.exe rerun
O4 - HKLM\..\RunOnce: [*docvss] C:\WINDOWS\AppPatch\docvss.exe rerun
O4 - HKLM\..\RunOnce: [*diskplay] C:\WINDOWS\Config\diskplay.exe rerun
O4 - HKLM\..\RunOnce: [*msav] C:\WINDOWS\Help\msav.exe rerun
O4 - HKLM\..\RunOnce: [*rasnet] C:\WINDOWS\AppPatch\rasnet.exe rerun
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Fixed r3 line with HJT, ran Stinger, can't find a certain program I have on my main system.
next log.
Logfile of HijackThis v1.99.0
Scan saved at 11:06:06 AM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inetm\winlogon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\SK9910DM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
G:\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\nvsvc32.exe
G:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Doll.DOLLY\Desktop\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Doll\Application Data\Mozilla\Profiles\default\X0M8CH5P.SLT\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [*imgdns] C:\WINDOWS\Tasks\imgdns.exe
O4 - HKLM\..\Run: [*baswin] C:\WINDOWS\Web\baswin.exe
O4 - HKLM\..\Run: [*doclog] C:\WINDOWS\Cursors\doclog.exe
O4 - HKLM\..\Run: [*cabmain] C:\WINDOWS\Help\cabmain.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - HKLM\..\Run: [*iisdos] C:\WINDOWS\msagent\iisdos.exe
O4 - HKLM\..\Run: [*basav] C:\WINDOWS\Registration\basav.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [*cas] C:\WINDOWS\Fonts\cas.exe
O4 - HKLM\..\Run: [*msnet] C:\WINDOWS\AppPatch\msnet.exe
O4 - HKLM\..\Run: [*crlog] C:\WINDOWS\ServicePackFiles\crlog.exe
O4 - HKLM\..\Run: [NAV Agent] G:\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [*infomp3] C:\WINDOWS\system\Crescendo\infomp3.exe
O4 - HKLM\..\Run: [*crole] C:\WINDOWS\system32\tenarchlib\crole.exe
O4 - HKLM\..\Run: [*docvss] C:\WINDOWS\AppPatch\docvss.exe
O4 - HKLM\..\Run: [*diskplay] C:\WINDOWS\Config\diskplay.exe
O4 - HKLM\..\Run: [*tapieula] C:\WINDOWS\security\templates\tapieula.exe
O4 - HKLM\..\Run: [*dllsys] C:\WINDOWS\Tasks\dllsys.exe
O4 - HKLM\..\Run: [*rasnet] C:\WINDOWS\AppPatch\rasnet.exe
O4 - HKLM\..\Run: [*msav] C:\WINDOWS\Help\msav.exe
O4 - HKLM\..\Run: [*odbcreg] C:\WINDOWS\system\Drivers\odbcreg.exe
O4 - HKLM\..\Run: [*wavevb] C:\WINDOWS\Tasks\wavevb.exe
O4 - HKLM\..\Run: [*catrun] C:\WINDOWS\inf\INFBACK\catrun.exe
O4 - HKLM\..\Run: [*jpegkey] C:\WINDOWS\AppPatch\jpegkey.exe
O4 - HKLM\..\Run: [*accad] C:\WINDOWS\Fonts\accad.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [*oles] C:\WINDOWS\java\Packages\oles.exe
O4 - HKLM\..\Run: [*faxlog] C:\WINDOWS\Registration\faxlog.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [*fontplay] C:\WINDOWS\msagent\CHARS\fontplay.exe
O4 - HKLM\..\Run: [*tapimfc] C:\WINDOWS\system\Crescendo\tapimfc.exe
O4 - HKLM\..\Run: [*iiss] C:\WINDOWS\Registration\iiss.exe
O4 - HKLM\..\Run: [*crs] C:\WINDOWS\Driver Cache\crs.exe
O4 - HKLM\..\Run: [*mainas] C:\WINDOWS\Cursors\mainas.exe
O4 - HKLM\..\Run: [*tcpsrv] C:\WINDOWS\Fonts\tcpsrv.exe
O4 - HKLM\..\RunOnce: [*cabmain] C:\WINDOWS\Help\cabmain.exe rerun
O4 - HKLM\..\RunOnce: [*baswin] C:\WINDOWS\Web\baswin.exe rerun
O4 - HKLM\..\RunOnce: [*cas] C:\WINDOWS\Fonts\cas.exe rerun
O4 - HKLM\..\RunOnce: [*crole] C:\WINDOWS\system32\tenarchlib\crole.exe rerun
O4 - HKLM\..\RunOnce: [*imgdns] C:\WINDOWS\Tasks\imgdns.exe rerun
O4 - HKLM\..\RunOnce: [*doclog] C:\WINDOWS\Cursors\doclog.exe rerun
O4 - HKLM\..\RunOnce: [*msnet] C:\WINDOWS\AppPatch\msnet.exe rerun
O4 - HKLM\..\RunOnce: [*tapieula] C:\WINDOWS\security\templates\tapieula.exe rerun
O4 - HKLM\..\RunOnce: [*dllsys] C:\WINDOWS\Tasks\dllsys.exe rerun
O4 - HKLM\..\RunOnce: [*jpegkey] C:\WINDOWS\AppPatch\jpegkey.exe rerun
O4 - HKLM\..\RunOnce: [*faxlog] C:\WINDOWS\Registration\faxlog.exe rerun
O4 - HKLM\..\RunOnce: [*accad] C:\WINDOWS\Fonts\accad.exe rerun
O4 - HKLM\..\RunOnce: [*tapimfc] C:\WINDOWS\system\Crescendo\tapimfc.exe rerun
O4 - HKLM\..\RunOnce: [*mainas] C:\WINDOWS\Cursors\mainas.exe rerun
O4 - HKLM\..\RunOnce: [*fontplay] C:\WINDOWS\msagent\CHARS\fontplay.exe rerun
O4 - HKLM\..\RunOnce: [*odbcreg] C:\WINDOWS\system\Drivers\odbcreg.exe rerun
O4 - HKLM\..\RunOnce: [*crs] C:\WINDOWS\Driver Cache\crs.exe rerun
O4 - HKLM\..\RunOnce: [*iiss] C:\WINDOWS\Registration\iiss.exe rerun
O4 - HKLM\..\RunOnce: [*wavevb] C:\WINDOWS\Tasks\wavevb.exe rerun
O4 - HKLM\..\RunOnce: [*catrun] C:\WINDOWS\inf\INFBACK\catrun.exe rerun
O4 - HKLM\..\RunOnce: [*tcpsrv] C:\WINDOWS\Fonts\tcpsrv.exe rerun
O4 - HKLM\..\RunOnce: [*iisdos] C:\WINDOWS\msagent\iisdos.exe rerun
O4 - HKLM\..\RunOnce: [*basav] C:\WINDOWS\Registration\basav.exe rerun
O4 - HKLM\..\RunOnce: [*crlog] C:\WINDOWS\ServicePackFiles\crlog.exe rerun
O4 - HKLM\..\RunOnce: [*oles] C:\WINDOWS\java\Packages\oles.exe rerun
O4 - HKLM\..\RunOnce: [*infomp3] C:\WINDOWS\system\Crescendo\infomp3.exe rerun
O4 - HKLM\..\RunOnce: [*docvss] C:\WINDOWS\AppPatch\docvss.exe rerun
O4 - HKLM\..\RunOnce: [*diskplay] C:\WINDOWS\Config\diskplay.exe rerun
O4 - HKLM\..\RunOnce: [*msav] C:\WINDOWS\Help\msav.exe rerun
O4 - HKLM\..\RunOnce: [*rasnet] C:\WINDOWS\AppPatch\rasnet.exe rerun
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I don't know what to do now, I installed Spyware Guard, and reset the start page on IE, but I keep getting a popup that wants to reset the home page, but spyware guard is preventing it.