how to remove Win32: Trojan-gen {other}?

Can someone please help me to remove the Win32: Trojan-gen {other}?

—thanks a lot

You should read this http://forum.avast.com/index.php?board=4;action=display;threadid=5373

and provide more infos. Which file is reported as infected and where did Avast report it(filename/folder). Did you try a boottimescan?

well not yet…

ok i’ll indicate the details later…

the file infected is the Excel10.dll from …/application data/microsoft/office…

Also i can’t view any text using Yahoo messenger, search, Ctrl-F on any window for searching text…

but i deleted the file already… and I will just check if it is working fine already or still it’s not…

thanks a lot…
i will indicate the details if my pc still has the virus… oks…

OS: winxp sp2 rc2

My logfile:

Logfile of HijackThis v1.98.0
Scan saved at 9:48:47 PM, on 8/2/2004
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\CFusionMX\runtime\bin\jrunsvc.exe
F:\CFusionMX\db\slserver52\bin\swagent.exe
F:\CFusionMX\runtime\bin\jrun.exe
F:\CFusionMX\db\slserver52\bin\swstrtr.exe
F:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\Program Files\CpuIdle\Cpuidle.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
D:\Program Files\MBProbe\MBProbe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quiksearchgenealogy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quiksearchgenealogy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quiksearchgenealogy.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.pacific.net.ph:8080;http=proxy.pacific.net.ph:8080
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O1 - Hosts: 69.56.223.196 just.find-itnow.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 qwertysearch123.biz
O1 - Hosts: 69.56.223.196 www.search-space.com
O1 - Hosts: 69.56.223.196 www.windowws.cc
O1 - Hosts: 69.56.223.196 aifind.info
O1 - Hosts: 69.56.223.196 www.find4u.net
O1 - Hosts: 69.56.223.196 find4u.net
O1 - Hosts: 69.56.223.196 www.lookfor.cc
O1 - Hosts: 69.56.223.196 www.008i.com
O1 - Hosts: 69.56.223.196 www.viewpornkey.com
O1 - Hosts: 69.56.223.196 www.hugesearch.net
O1 - Hosts: 69.56.223.196 www.novafuck.com
O1 - Hosts: 69.56.223.196 www.seznam.cz
O1 - Hosts: 69.56.223.196 aifind.cc
O1 - Hosts: 69.56.223.196 www.onet.pl
O1 - Hosts: 69.56.223.196 teenhqpics.com
O1 - Hosts: 69.56.223.196 www.ttjj.com
O1 - Hosts: 69.56.223.196 www.search-dot.com
O1 - Hosts: 69.56.223.196 www.search-and-go.com
O1 - Hosts: 69.56.223.196 www.slotch.com
O1 - Hosts: 69.56.223.196 www.2fastsearch.net
O1 - Hosts: 69.56.223.196 awebfind.biz
O1 - Hosts: 69.56.223.196 www.power-search.info
O1 - Hosts: 69.56.223.196 www.naver.com
O1 - Hosts: 69.56.223.196 www.daum.net
O1 - Hosts: 69.56.223.196 www.ohcorea.com
O1 - Hosts: 69.56.223.196 www.hao123.com
O1 - Hosts: 69.56.223.196 58q.com
O1 - Hosts: 69.56.223.196 www.hotwebsearch.com
O1 - Hosts: 69.56.223.196 www.startium.com
O1 - Hosts: 69.56.223.196 www.gajai.com
O1 - Hosts: 69.56.223.196 www.wazzupnet.com
O1 - Hosts: 69.56.223.196 freshvideogals.com
O1 - Hosts: 69.56.223.196 www.xgmm.com
O1 - Hosts: 69.56.223.196 searchmyrequest.com
O1 - Hosts: 69.56.223.196 yourbookmarks.ws
O1 - Hosts: 69.56.223.196 wmmse.com
O1 - Hosts: 69.56.223.196 link.startmake.com
O1 - Hosts: 69.56.223.196 www.boredlife.com
O1 - Hosts: 69.56.223.196 approvedlinks.com
O1 - Hosts: 69.56.223.196 www.nkvd.us
O1 - Hosts: 69.56.223.196 www.8095.com
O1 - Hosts: 69.56.223.196 www.dreamwiz.com
O1 - Hosts: 69.56.223.196 ie-search.com
O1 - Hosts: 69.56.223.196 auto.ie.searchforge.com
O1 - Hosts: 69.56.223.196 search.psn.cn
O1 - Hosts: 69.56.223.196 www.couldnotfind.com
O1 - Hosts: 69.56.223.196 www.iquicksearch.com
O1 - Hosts: 69.56.223.196 1-se.com
O1 - Hosts: 69.56.223.196 www.spidersearch.com
O1 - Hosts: 69.56.223.196 search.ieplugin.com
O1 - Hosts: 69.56.223.196 itseasy.us
O1 - Hosts: 69.56.223.196 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 69.56.223.196 www.searchxl.com
O1 - Hosts: 69.56.223.196 www.hotsearchbox.com
O1 - Hosts: 69.56.223.196 www.searchforge.com
O1 - Hosts: 69.56.223.196 www.omega-search.com
O1 - Hosts: 69.56.223.196 searchcentrix.com

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM..\Run: [LogitechImageStudioTray] D:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM..\Run: [CpuIdle] D:\Program Files\CpuIdle\Cpuidle.exe
O4 - HKLM..\Run: [QuickTime Task] “D:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MBProbe.lnk = D:\Program Files\MBProbe\MBProbe.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089906583390
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip..{8202F5B3-DE07-46AD-94E8-4F9E813C9FE6}: NameServer = 210.23.235.34 210.23.234.33
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

that’s my logfile

what’s wrong with that?

it’s too long… ;D

pleased reread raman’s link, then install & update
Ad-Aware, SPYBOT & cwshredder

reboot to safeMode (F8-Boot) and scan and fix with the 3 tools several times, until nothing more is found/fixed
(except DSO-exploit from SPYBOT: ignore this…)

reboot, fix any remaining “O1 - Hosts:” entries in Hijackthis…
reboot and post a new hijackthis-Log please… :wink: :wink:

Too long? lol, not for my HJT analyzer ;D
Remove these lines:
r1 - hkcu\software\microsoft\internet explorer\main,searchurl = http://about-blank.biz/
r0 - hklm\software\microsoft\internet explorer\main,start page = http://www.quiksearchgenealogy.com/
r1 - hklm\software\microsoft\internet explorer\main,searchurl = http://about-blank.biz/
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r1 - hkcu\software\microsoft\internet explorer\main,start page_bak = http://www.quiksearchgenealogy.com/
r1 - hklm\software\microsoft\internet explorer\main,start page_bak = http://www.quiksearchgenealogy.com/

And all lines starting with: O1 - Hosts: 69.56.223.196
These entries will send you to 69.56.223.196 (webiste) which is a advertising site. The funny thing is it does this if you visit one of the porn, addsites mentioned after the number. You will also be redirected to that site if you visit a site that has a banner (add) of one of the mentioned sites on it. Not exactly what you want imo :smiley:

Other than these things, there isn’t anything harmfull in it. Personally I would also remove CPU-Idle. There is no need for anyone to have that. If your cpu gets (too) hot, you need either clean the coolers/fans, get better ones and/or replace your system so the air has better circulation options. CPU-Idle is running constantly so it is using the cpu itself and therefor heating it up. If you read on their site, they say that the applications shutsdown the cpu to cool it. Now this is really funny, because if this happens cpu-idle itself can’t run also ;D

Ok, back to business. Remove the items I menstioned. Reboot and run HJT again. create a new log and take it HERE If that site finds things I have overlooked, repeat this procedure.

:smiley: thanks for the replies…

i will do all the necessary acts you have told me…

and i will post the log file later.

thanks a lot:D

Here’s the latest:

Logfile of HijackThis v1.98.0
Scan saved at 11:08:21 PM, on 8/3/2004
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\CFusionMX\runtime\bin\jrunsvc.exe
F:\CFusionMX\db\slserver52\bin\swagent.exe
F:\CFusionMX\runtime\bin\jrun.exe
F:\CFusionMX\db\slserver52\bin\swstrtr.exe
F:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\Program Files\CpuIdle\Cpuidle.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MBProbe\MBProbe.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
F:\Program Files\Xinox Software\JCreatorV3 LE\JCreator.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.pacific.net.ph:8080;http=proxy.pacific.net.ph:8080
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM..\Run: [LogitechImageStudioTray] D:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM..\Run: [CpuIdle] D:\Program Files\CpuIdle\Cpuidle.exe
O4 - HKLM..\Run: [QuickTime Task] “D:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MBProbe.lnk = D:\Program Files\MBProbe\MBProbe.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1089906583390
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll