OK, here's my HijackThis SystemScan and Logfile.
I really appreciate this, guys.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:56:51 PM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Primary\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*
http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*
http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.*.attbi.com
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: (no name) - {6F8F6D52-E43E-F6A7-3704-C2291FA9AAF6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - (no file)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v...86/client/wuweb_site.cab?1096690073375
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) -
http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) -
http://a532.g.akamai.net/f/532/6712/5m/...m/6712/player/install3.5/installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) -
http://us.news2.yimg.com/us.yimg.com/p/...4724.photo00.photo.default-378x279.jpg
O24 - Desktop Component 1: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050125/sga050125.gif
O24 - Desktop Component 10: (no name) -
http://us.news3.yimg.com/img.news.yahoo...20050429%2Fcapt.mojf10804292314.sand_painting_mojf108.jpg?v=1
O24 - Desktop Component 11: (no name) -
http://us.news3.yimg.com/img.news.yahoo...20050503%2Fcapt.bag12305032334.iraq__bag123.jpg?v=1
O24 - Desktop Component 12: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050525/sga050525.gif
O24 - Desktop Component 13: (no name) -
http://us.news3.yimg.com/us.i2.yimg.com...380&y=276&sig=YuXOuB64DsL1yV_u9u027w--
O24 - Desktop Component 14: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050527/sga050527.gif
O24 - Desktop Component 15: (no name) -
http://us.news3.yimg.com/us.i2.yimg.com...380&y=274&sig=7TCfRbN62hzXy8M0dlNaWw--
O24 - Desktop Component 16: (no name) -
http://news.nationalgeographic.com/news/2005/08/images/050831_new_orleans.jpg
O24 - Desktop Component 17: (no name) -
http://us.news3.yimg.com/us.i2.yimg.com...380&y=202&sig=qwiHLEhyFHnwhYgKE1Gxrg--
O24 - Desktop Component 18: (no name) -
http://us.news3.yimg.com/us.i2.yimg.com...262&y=345&sig=pO6wO6yHLyDQpbPEjcCK_A--
O24 - Desktop Component 19: (no name) -
http://us.news3.yimg.com/us.i2.yimg.com...238&y=345&sig=oIyu_DzXSreABiv1A3ZkNQ--
O24 - Desktop Component 2: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050211/sga050211.gif
O24 - Desktop Component 20: (no name) -
http://us.news3.yimg.com/us.i2.yimg.com...259&y=345&sig=RHn0_Mjbi9m45m8RIUk1oQ--
O24 - Desktop Component 21: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...5&bodyPart=1.2&YY=85932&order=down&sort=date&pos=0&view=a&head=b&Idx=1
O24 - Desktop Component 22: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...136&bodyPart=6&YY=72986&y5beta=yes&order=down&sort=date&pos=0&Idx=2
O24 - Desktop Component 23: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...136&bodyPart=6&YY=33940&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b&Idx=2
O24 - Desktop Component 24: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...136&bodyPart=6&YY=48591&order=down&sort=date&pos=0&Idx=3
O24 - Desktop Component 25: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...136&bodyPart=6&YY=17669&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b&Idx=5
O24 - Desktop Component 26: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...136&bodyPart=6&YY=36891&order=down&sort=date&pos=0&view=a&head=b&Idx=10
O24 - Desktop Component 27: (no name) -
http://us.f527.mail.yahoo.com/ym/us/Sho...136&bodyPart=6&YY=1379&order=down&sort=date&pos=0&Idx=6
O24 - Desktop Component 28: (no name) -
http://d.yimg.com/img.news.yahoo.com/ut...2Fphoto%2Fmovie_pix%2Fmgm%2Fthe_crocodile_hunter__collision_course%2F_group_photos%2Fsteve_irwin2.jpg?v=2
O24 - Desktop Component 29: (no name) -
http://d.yimg.com/img.news.yahoo.com/ut...2Fphoto%2Fmovie_pix%2Fmgm%2Fthe_crocodile_hunter__collision_course%2Fsteve_irwin%2Fcroc2.jpg?v=2
O24 - Desktop Component 3: (no name) -
http://us.news2.yimg.com/us.yimg.com/p/nm/20050205/mdf848088.jpg
O24 - Desktop Component 30: (no name) -
http://d.yimg.com/img.news.yahoo.com/ut...2Fphoto%2Fmovie_pix%2Fmgm%2Fthe_crocodile_hunter__collision_course%2F_group_photos%2Fsteve_irwin5.jpg?v=2
O24 - Desktop Component 31: (no name) -
http://d.yimg.com/img.news.yahoo.com/ut...2Fphoto%2Fmovie_pix%2Fmgm%2Fthe_crocodile_hunter__collision_course%2Fsteve_irwin%2Fcroc5.jpg?v=2
O24 - Desktop Component 32: (no name) -
http://d.yimg.com/img.news.yahoo.com/ut...2Fphoto%2Fmovie_pix%2Fmgm%2Fthe_crocodile_hunter__collision_course%2F_group_photos%2Fsteve_irwin6.jpg?v=2
O24 - Desktop Component 33: (no name) -
http://d.yimg.com/us.yimg.com/p/ap/2006...237&y=345&sig=F5ymNUF4zOGUaZR3n6jC4w--
O24 - Desktop Component 34: (no name) -
http://us.i1.yimg.com/us.yimg.com/i/ww/news/2006/09/05/steve_irwin_lg.jpg
O24 - Desktop Component 35: (no name) -
http://d.yimg.com/us.yimg.com/p/rids/20...249&y=345&sig=zQIp5o1g6ZIZ1EUnqIWTvQ--
O24 - Desktop Component 36: (no name) -
http://d.yimg.com/us.yimg.com/p/rids/20...244&y=345&sig=T9bPvgf7JbcV4JCsW61gUA--
O24 - Desktop Component 37: (no name) -
http://d.yimg.com/us.yimg.com/p/ap/2006...380&y=251&sig=pMsD.f98iMcUDAobBNaCnQ--
O24 - Desktop Component 38: (no name) -
http://d.yimg.com/us.yimg.com/p/afp/200...380&y=253&sig=lDS.bdIANDk6jndev7mdHg--
O24 - Desktop Component 39: (no name) -
http://d.yimg.com/us.yimg.com/p/nm/2006...380&y=244&sig=0cyE8iMRMX09AnlfKsVn.Q--
O24 - Desktop Component 4: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050321/scrbc050321.gif
O24 - Desktop Component 40: (no name) -
http://d.yimg.com/us.yimg.com/p/rids/20...380&y=251&sig=yklTIlLpVWVfQlmhSnG2RQ--
O24 - Desktop Component 41: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20060926/sga060926.gif
O24 - Desktop Component 42: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061029/sga061029.gif
O24 - Desktop Component 43: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061111/sga061111.gif
O24 - Desktop Component 44: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061118/sga061118.gif
O24 - Desktop Component 45: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061130/sga061130.gif
O24 - Desktop Component 46: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061201/sga061201.gif
O24 - Desktop Component 47: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061204/sga061204.gif
O24 - Desktop Component 48: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20061219/sga061219.gif
O24 - Desktop Component 49: (no name) -
http://d.yimg.com/us.yimg.com/p/uc/20070119/sga070119.gif
O24 - Desktop Component 5: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050418/sga050418.gif
O24 - Desktop Component 50: (no name) -
http://d.yimg.com/us.yimg.com/p/rids/20...230&y=345&sig=pfmqpo7p53YRcg8xQSG_EQ--
O24 - Desktop Component 51: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/...0812.china_panda_baby_boom_xbej801.jpg
O24 - Desktop Component 52: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/...b.xcs15402091500.poland_zoo_xcs154.jpg
O24 - Desktop Component 53: (no name) -
http://www.sheldrickwildlifetrust.org/Updates_Files/11420060541-pic1.jpg
O24 - Desktop Component 54: (no name) -
http://d.yimg.com/us.yimg.com/p/ap/2007...235&y=345&sig=wRppYVO9cugY1L989xOwrQ--
O24 - Desktop Component 55: (no name) -
http://www.sheldrickwildlifetrust.org/keepers_diary/118200684646-pic1.jpg
O24 - Desktop Component 56: (no name) -
http://www.sheldrickwildlifetrust.org/Updates_Files/114200601149-pic1.jpg
O24 - Desktop Component 57: (no name) -
http://www.sheldrickwildlifetrust.org/Orphan_Files/1024200675448-pic1.jpg
O24 - Desktop Component 6: (no name) -
http://us.news2.yimg.com/us.yimg.com/p/...5251.photo00.photo.default-278x381.jpg
O24 - Desktop Component 7: (no name) -
http://us.news3.yimg.com/img.news.yahoo...20050425%2Fcapt.iacn10104251925.bulldog_beauty_contest_iacn101.jpg?v=1
O24 - Desktop Component 8: (no name) -
http://us.news1.yimg.com/us.yimg.com/p/uc/20050430/sga050430.gif
O24 - Desktop Component 9: (no name) -
http://us.news3.yimg.com/img.news.yahoo...F20050504%2Fcapt.sge.moz77.040505170544.photo00.photo.default-384x248.jpg?v=1
--
End of file - 15320 bytes