Win32.bettlnet.ar help

vbimport

#1

I can’t get rid of this. What is it and how do I get rid of it?
I use microsoft antispy and e-trust antivirus…they can’t clean it :a


#2

get hijackthis http://www.merijn.org/files/hijackthis.zip
run it and click “do a system scan and save a logfile”
and attach or copy & paste the log and ill tell you what you need to remove


#3

I tried to send it but when I upload the txt file I get an error.


#4

says it is the wrong file type


#5

now I am getting a win32.bettlnet,aw message…ggggrrrrrrr!!!


#6

you can edit your post instead of making new one every moment,anyway copy & paste it or upload to www.mytempdir.com


#7

http://sr1.mytempdir.com/96027


#8

reboot and start windows in safe mdoe to do so press f8 after you reboot until youll see a menu when you will see it select safe mode,search for these files and delete em
ijrgfgq.exe / Nail.exe / dinst.exe , also run hijackthis and click “do a system scan only” tick these items and click “fix checked” and “yes” and restart:

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM…\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM…\Run: [pdxsver] c:\windows\system32\ijrgfgq.exe r
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)


#9

did not work. the file f2-reg:system.ini:shell=explorer.exec:\windows
ail.exe will not cooperate. Oddly enough… I can rid my comp of this bug if my dsl is disconnected…can go for several hrs… as soon as I plug back in I start getting infection warnings from my antivirus(e-trust) and can get up to 92 different locations


#10

sigh

Download the trial version of Spy Sweeper from Webroot.

Install it.

Reboot your machine IN SAFE MODE and run Spy Sweeper.

ALSO in SAFE MODE, delete those files. You CAN delete them in safe mode. If you can’t delete them… you aren’t in safe mode.


#11

I ran the spy sweeper and now I am waiting to see what happens…
The one thing that I could not get rid of,if I was supposed to, was an "app"called nail not a file called nail, my bad. Damn…before I could finish typing this it popped back-upwin32.bettlnet.ar infected file. I’m about ready too reformat and loose some of my info…not sure what is infected ya know?


#12

Hey walrus, I got this from a bad experience on another forum.
Try this: Put Hijackthis.exe in a Permanent folder (not just on your desktop).
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to “HJT” or “HijackThis”. Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
This will allow backups to be made and saved By hijackthis in case something goes wrong.
Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.

Download ETRemover from here: http://www.simplytech.it/ETRemover/ETRemoverV120.zip
Unzip the file to your Desktop.
Then, reboot to Safe mode (Tap F8 while restarting).
Open ETRemover, then click on “Kill Elite Toolbar”
Let the tool run, then reboot normally.

Please download and run a Free Trial of Trojan Hunter: http://www.misec.net/products/TrojanHunter.exe
If any infected files are found, delete them.

Next, take a free Online Virus scan at HouseCall or eTrust or both.
If any infected files are found, delete them.

To clean your temp folder, recycle bin, etc… download this free tool CCleaner : http://www.ccleaner.com/ccdownload.php
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click “Run Cleaner”.
Then Reboot

Open HijackThis, click Config, click Misc Tools
Click “Open Uninstall Manager”
Click “Save List” (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

And please post a new HJT log, more work will be needed…


#13

Nail.exe is the worst variant of the A Better Internet spyware.
Download and try ABI Remover, is was coded specifically for A Better Internet.

The folks over at Spyware Warriors have a section devoted to the removal of Nail.exe.

You can also try to open a command propmt, navigate to C:\WINDOWS.
At the prompt type nail.exe /fullremove.
I have used this successfully on several systems.


#14

Here is what I got…

log file.txt (6.26 KB)


#15

all clean now :bigsmile:


#16

I was loosing my friggin mind… a better internet sux


#17

Thanks for everyones help :bow: :bow: :bow: :flower:


#18

Hi my computer has the same win32.bettlnet.ar problem and i’ve run different kinds of antivirus but none of them work. If anyone can help me i’d really apreciate it…
Below is the hijackthis scan result i got…

Logfile of HijackThis v1.99.1
Scan saved at 4:52:19 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla fswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dkowqpkd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\gwvcerl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\DOCUME~1\HECTOR~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ivrvgfllgcwjgrmustqoccd.com/gOCMGM8Qpf2ihxQtGLMH78BRBltXG/7E/jnDv09nrkBhJy1D7PLZwHam_drgOu81.jsp
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26890647-6466-F95C-B77C-23E0D794FCB8} - C:\DOCUME~1\HECTOR~1\APPLIC~1\SHOWDA~1\bashpoke.exe (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla fswshx.dll
O2 - BHO: (no name) - {DBC591FB-CEA4-098B-F733-C785F67997AB} - C:\DOCUME~1\HECTOR~1\APPLIC~1\SHOWDA~1\bashpoke.exe (file missing)
O2 - BHO: (no name) - {E0338C91-CD7A-C4A8-3896-7063F0D8BDB4} - C:\Program Files\CDM\kwrmdtftxe.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM…\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM…\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM…\Run: [MMTray] “C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe”
O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla fswctrl.exe
O4 - HKLM…\Run: [Dell Photo AIO Printer 922] “C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe”
O4 - HKLM…\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM…\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe”
O4 - HKLM…\Run: [fast draw wma boob] C:\Documents and Settings\All Users\Application Data\list noun fast draw\CurbElse.exe
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [CaAvTray] “C:\Program Files\Yahoo!\Antivirus\CAVTray.exe”
O4 - HKLM…\Run: [CAVRID] “C:\Program Files\Yahoo!\Antivirus\CAVRID.exe”
O4 - HKLM…\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM…\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM…\Run: [Windows System] dkowqpkd.exe
O4 - HKLM…\Run: [Spooler Subsystem] spoolsub.exe
O4 - HKLM…\Run: [Show plus type two] C:\Documents and Settings\All Users\Application Data\downloadamokshowplus\Real bore.exe
O4 - HKLM…\RunServices: [Spooler Subsystem] spoolsub.exe
O4 - HKCU…\Run: [ares] “C:\Program Files\Ares\Ares.exe” -h
O4 - HKCU…\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU…\Run: [bind the] C:\DOCUME~1\HECTOR~1\APPLIC~1\IDOLBR~1\PLAY WAY.exe
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [DellSupport] “C:\Program Files\Dell Support\DSAgnt.exe” /startup
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\RunOnce: [Windows System] dkowqpkd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111722955380
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


#19

welcome to the forum , next time you got a problem its better to open your own thread instead of puting it in a similar problem thread first of cuz if the user that started this thread is set to recieve email notification on new replys he wont like it since its not related to his problem and its alredy have been solved second of cuz its the more polite thing to do

anyway back to buisness , start windows in safe mode to do so restart and press f8 until a menu will be shown and select “safe mode” , run hijackthis and click “do a system scan only” tick these items and click “fix checked” and “yes”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ivrvgfllgcwjgrmustqoccd…Ham_drgOu81.jsp
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {26890647-6466-F95C-B77C-23E0D794FCB8} - C:\DOCUME~1\HECTOR~1\APPLIC~1\SHOWDA~1\bashpoke.exe (file missing)
O2 - BHO: (no name) - {DBC591FB-CEA4-098B-F733-C785F67997AB} - C:\DOCUME~1\HECTOR~1\APPLIC~1\SHOWDA~1\bashpoke.exe (file missing)
O2 - BHO: (no name) - {E0338C91-CD7A-C4A8-3896-7063F0D8BDB4} - C:\Program Files\CDM\kwrmdtftxe.dll (file missing)
O4 - HKLM…\Run: [fast draw wma boob] C:\Documents and Settings\All Users\Application Data\list noun fast draw\CurbElse.exe
O4 - HKLM…\Run: [Windows System] dkowqpkd.exe
O4 - HKLM…\Run: [Spooler Subsystem] spoolsub.exe
O4 - HKLM…\Run: [Show plus type two] C:\Documents and Settings\All Users\Application Data\downloadamokshowplus\Real bore.exe
O4 - HKCU…\Run: [bind the] C:\DOCUME~1\HECTOR~1\APPLIC~1\IDOLBR~1\PLAY WAY.exe
O4 - HKCU…\RunOnce: [Windows System] dkowqpkd.exe

when done run searches for those files and delete em and restart , make a new hijackthis log and copy & paste so well see how it went


#20

This are my new results

Logfile of HijackThis v1.99.1
Scan saved at 6:25:24 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla fswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HECTOR~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yuxoeeepnn.uk/gOCMGM8Qpf2ihxQtGLMH78BRBltXG/7E/jnDv09nrkAN3fwWme0d9Xam_drgOu81.asp
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla fswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM…\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM…\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM…\Run: [MMTray] “C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe”
O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla fswctrl.exe
O4 - HKLM…\Run: [Dell Photo AIO Printer 922] “C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe”
O4 - HKLM…\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM…\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [CaAvTray] “C:\Program Files\Yahoo!\Antivirus\CAVTray.exe”
O4 - HKLM…\Run: [CAVRID] “C:\Program Files\Yahoo!\Antivirus\CAVRID.exe”
O4 - HKLM…\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM…\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM…\RunServices: [Spooler Subsystem] spoolsub.exe
O4 - HKCU…\Run: [ares] “C:\Program Files\Ares\Ares.exe” -h
O4 - HKCU…\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [DellSupport] “C:\Program Files\Dell Support\DSAgnt.exe” /startup
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
pjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111722955380
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE