Sponsored By

taniguce

Members
  • Content Count

    21
  • Joined

  • Last visited

About taniguce

  • Rank
    Member
  1. Thank you so much for all your help. I really appreciate it. I will definitely take the tips you gave me to protect my pc. Thanks, again.
  2. Logfile of HijackThis v1.99.1 Scan saved at 9:11:28 AM, on 10/9/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  3. I ran another AVG Anti-Spyware scan in safemode. It did not find anything this time, so there is no report to copy/paste to you.
  4. Logfile of HijackThis v1.99.1 Scan saved at 5:14:13 PM, on 10/8/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\Program Files\hijackthis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe ****************************************************************************** I also ran the AVG anti-spyware in safemode after getting the malware alert for the file in c:\!killbox directory that it found. Here is the text file for that report: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:01:21 PM 10/8/2006 + Scan result: C:\System Volume Information\_restore{6EBA4C03-A18F-4374-9B57-78EB62701D84}\RP279\A0047549.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\сhkntfs.exe -> Adware.PurityScan : Cleaned with backup (quarantined). C:\!KillBox\z2748.exe -> Downloader.CWS.ab : Cleaned with backup (quarantined). C:\System Volume Information\_restore{6EBA4C03-A18F-4374-9B57-78EB62701D84}\RP279\A0047539.exe -> Downloader.CWS.ab : Cleaned with backup (quarantined). C:\System Volume Information\_restore{6EBA4C03-A18F-4374-9B57-78EB62701D84}\RP279\A0047548.exe -> Trojan.Fakealert : Cleaned with backup (quarantined). ::Report end ******************************************************************************** I also uninstalled the AVG anti-virus software since I already have Mcafee running. I read awhile back that having more than one anti-virus program can create problems. I only installed the free version of the AVG when I couldn't get into the Mcafee update page. After you have been helping me, I can now get into their page to download the latest dat files. Otherwise, so far I think things are running OK. I just don't understand why the AVG Anti-Spyware program found 5 more problems that it quarantined after all the scanning and cleaning that was already done previously. Please advise on this. Thank you.
  5. Files in c:\!killbox: 1. Logs (folder), in this folder is a file called kb 2. conscorr.ini 3. z2748.exe (when I went into the !killbox folder, the AVG Anti-Spyware you had me load previously comes up and states that "Malware found" Name: Downloader.CWS.ab Location: C:\!KillBox\z2748.exe Below is the contents of the file called kb: Pocket Killbox version 2.0.0.881 Running on Windows XP as Leigh Silberg(Administrator) was started @ Thursday, October 05, 2006, 8:10 PM # 1 [Delete on Reboot] Path = C:\windows\inf\conscorr.inf # 2 [Delete on Reboot] Path = c:\temp\FLEOK # 3 [Delete on Reboot] Path = C:\Documents and Settings\Leigh Silberg\Favorites\health # 4 [Delete on Reboot] Path = C:\WINDOWS\SYSTEM32\z2924.exe # 5 [Delete on Reboot] Path = C:\WINDOWS\SYSTEM32\z2748.exe # 6 [Delete on Reboot] Path = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:15:03 PM Killbox Closed(Exit) @ 8:19:20 PM __________________________________________________ Pocket Killbox version 2.0.0.881 Running on Windows XP as Leigh Silberg(Administrator) was started @ Saturday, October 07, 2006, 3:48 PM # 1 [Delete on Reboot] Path = c:\windows\system32\win_a3.dll PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:51:51 PM Killbox Closed(Exit) @ 3:52:36 PM __________________________________________________
  6. 1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile. 2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed. 3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding the Hello.exe program. It looks like another spyware. I have a feeling this is also a bad program or something that should be deleted. I also have a Picasa and a Picasa2 folder in the C:\Program Files\ directory of which I do not know anything about. Can I just unistall these programs? Please advise on these. Hijack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 3:42:17 PM, on 10/7/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe ******************************************************************************** ****** Uninstall_list.txt: Adaptec DirectCD Adaptec Easy CD Creator 4 Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Download Manager 1.2 (Remove Only) Adobe Photoshop 6.0 Adobe Reader 6.0.1 Adobe SVG Viewer Arabic Language Support ATI - Software Uninstall Utility ATI Control Panel AVG Anti-Spyware 7.5 AVG Free Edition Backpack Driver By Design Home CCleaner (remove only) Chinese (Simplified) Language Support Chinese (Traditional) Language Support Eudora Galaris Musicians Directory 2005 Hebrew Language Support Hello (remove only) HijackThis 1.99.1 HP DeskJet 930C Series (Remove only) HP PhotoSmart Photo Printing Software HydraVision Intel HaM Modem Drivers and Utilities J2SE Runtime Environment 5.0 Update 6 Japanese Language Support Keynote Connector Korean Language Support Kova-Solutions jBackup LSP Explorer plug-in for Ad-Aware SE Macromedia Dreamweaver Macromedia Flash Player 8 Macromedia Shockwave Player McAfee Firewall McAfee VirusScan Home Edition Microsoft Data Access Components KB870669 Microsoft Office 97, Professional Edition Microsoft VGX Q833989 Mozilla Firefox (1.5) Offer Optimizer Outlook Express Q837009 Paint Shop Pro Shareware Version 3.11 Panda ActiveScan Pan-European Language Support Picasa 2 Pop-Up Stopper Free Edition RealPlayer RegScrubXP 3.25 Shopping Wizard Sound Blaster AudioPCI Spybot - Search & Destroy 1.3 SpywareBlaster v3.5.1 SpywareGuard v2.2 STOMP Backup MyPC STOMP Backup MyPC Update Manager Thai Language Support Tweak-SE plug-in for Ad-Aware SE VIA Audio Driver Setup Program Windows XP Hotfix - KB823559 Windows XP Hotfix - KB828741 Windows XP Hotfix - KB833987 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB835732 Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB887822 Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q817606 Windows XP Hotfix (SP2) [see Q329115 for more information] WinZip This is an addition to my last reply. I didn't know if I was suppose to create another HiJack logfile after the 3 boxes were checked and deleted. So, I went back and ran another scan and create logfile just in case. I am sorry if I should have done this before I sent you the previous Hijack Logfile. Hope this is not confusing. Thanks for all the help you have been giving me. I really appreciate it. New HiJack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 4:26:46 PM, on 10/7/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe OK, I just found out that my husband downloaded and installed the Hello and Picasa programs for his blog that he uses on his website. So, I guess the C:\program files\picasa\pinstall is a valid file that is part of these programs. Sorry again for not knowing sooner and not letting you know in two previous replies. Thank you.
  7. 1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile. 2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed. 3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding the Hello.exe program. It looks like another spyware. I have a feeling this is also a bad program or something that should be deleted. I also have a Picasa and a Picasa2 folder in the C:\Program Files\ directory of which I do not know anything about. Can I just unistall these programs? Please advise on these. Hijack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 3:42:17 PM, on 10/7/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe ******************************************************************************** ****** Uninstall_list.txt: Adaptec DirectCD Adaptec Easy CD Creator 4 Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Download Manager 1.2 (Remove Only) Adobe Photoshop 6.0 Adobe Reader 6.0.1 Adobe SVG Viewer Arabic Language Support ATI - Software Uninstall Utility ATI Control Panel AVG Anti-Spyware 7.5 AVG Free Edition Backpack Driver By Design Home CCleaner (remove only) Chinese (Simplified) Language Support Chinese (Traditional) Language Support Eudora Galaris Musicians Directory 2005 Hebrew Language Support Hello (remove only) HijackThis 1.99.1 HP DeskJet 930C Series (Remove only) HP PhotoSmart Photo Printing Software HydraVision Intel HaM Modem Drivers and Utilities J2SE Runtime Environment 5.0 Update 6 Japanese Language Support Keynote Connector Korean Language Support Kova-Solutions jBackup LSP Explorer plug-in for Ad-Aware SE Macromedia Dreamweaver Macromedia Flash Player 8 Macromedia Shockwave Player McAfee Firewall McAfee VirusScan Home Edition Microsoft Data Access Components KB870669 Microsoft Office 97, Professional Edition Microsoft VGX Q833989 Mozilla Firefox (1.5) Offer Optimizer Outlook Express Q837009 Paint Shop Pro Shareware Version 3.11 Panda ActiveScan Pan-European Language Support Picasa 2 Pop-Up Stopper Free Edition RealPlayer RegScrubXP 3.25 Shopping Wizard Sound Blaster AudioPCI Spybot - Search & Destroy 1.3 SpywareBlaster v3.5.1 SpywareGuard v2.2 STOMP Backup MyPC STOMP Backup MyPC Update Manager Thai Language Support Tweak-SE plug-in for Ad-Aware SE VIA Audio Driver Setup Program Windows XP Hotfix - KB823559 Windows XP Hotfix - KB828741 Windows XP Hotfix - KB833987 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB835732 Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB887822 Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q817606 Windows XP Hotfix (SP2) [see Q329115 for more information] WinZip This is an addition to my last reply. I didn't know if I was suppose to create another HiJack logfile after the 3 boxes were checked and deleted. So, I went back and ran another scan and create logfile just in case. I am sorry if I should have done this before I sent you the previous Hijack Logfile. Hope this is not confusing. Thanks for all the help you have been giving me. I really appreciate it. New HiJack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 4:26:46 PM, on 10/7/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  8. 1. I ran Hijack This and checked the boxes to delete. I received an error message regarding deleting the 020 box, O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll. It should be noted in the hijack logfile. 2. I ran Killblox and did receive the message regarding any PendingFileRenameOperations prompt . I clicked OK at this prompt as you instructed. 3. I do not know what the C:\Program Files\Picasa\pinstall.dll is. I do have a "Hello" folder in the C:\Program Files\ directory which I don't know anything about. In the folder, it has a Picasa icon. I did a search on Google regarding the Hello.exe program. It looks like another spyware. I have a feeling this is also a bad program or something that should be deleted. I also have a Picasa and a Picasa2 folder in the C:\Program Files\ directory of which I do not know anything about. Can I just unistall these programs? Please advise on these. Hijack Logfile: Logfile of HijackThis v1.99.1 Scan saved at 3:42:17 PM, on 10/7/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe ******************************************************************************** ****** Uninstall_list.txt: Adaptec DirectCD Adaptec Easy CD Creator 4 Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Download Manager 1.2 (Remove Only) Adobe Photoshop 6.0 Adobe Reader 6.0.1 Adobe SVG Viewer Arabic Language Support ATI - Software Uninstall Utility ATI Control Panel AVG Anti-Spyware 7.5 AVG Free Edition Backpack Driver By Design Home CCleaner (remove only) Chinese (Simplified) Language Support Chinese (Traditional) Language Support Eudora Galaris Musicians Directory 2005 Hebrew Language Support Hello (remove only) HijackThis 1.99.1 HP DeskJet 930C Series (Remove only) HP PhotoSmart Photo Printing Software HydraVision Intel HaM Modem Drivers and Utilities J2SE Runtime Environment 5.0 Update 6 Japanese Language Support Keynote Connector Korean Language Support Kova-Solutions jBackup LSP Explorer plug-in for Ad-Aware SE Macromedia Dreamweaver Macromedia Flash Player 8 Macromedia Shockwave Player McAfee Firewall McAfee VirusScan Home Edition Microsoft Data Access Components KB870669 Microsoft Office 97, Professional Edition Microsoft VGX Q833989 Mozilla Firefox (1.5) Offer Optimizer Outlook Express Q837009 Paint Shop Pro Shareware Version 3.11 Panda ActiveScan Pan-European Language Support Picasa 2 Pop-Up Stopper Free Edition RealPlayer RegScrubXP 3.25 Shopping Wizard Sound Blaster AudioPCI Spybot - Search & Destroy 1.3 SpywareBlaster v3.5.1 SpywareGuard v2.2 STOMP Backup MyPC STOMP Backup MyPC Update Manager Thai Language Support Tweak-SE plug-in for Ad-Aware SE VIA Audio Driver Setup Program Windows XP Hotfix - KB823559 Windows XP Hotfix - KB828741 Windows XP Hotfix - KB833987 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB835732 Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB887822 Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q817606 Windows XP Hotfix (SP2) [see Q329115 for more information] WinZip
  9. WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile created on: 10/7/2006 8:52:21 AM WinPFind v1.5.0 Folder = C:\folder\winpfind\WinPFind\ Microsoft Windows XP (Version = 5.1.2600) Internet Explorer (Version = 6.0.2600.0000) »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... PEC2 10/4/2006 9:13:34 PM 2260014 C:\crash.txt () PTech 10/4/2006 9:13:34 PM 2260014 C:\crash.txt () WSUD 10/4/2006 9:13:34 PM 2260014 C:\crash.txt () Checking %ProgramFilesDir% folder... Checking %WinDir% folder... WSUD 5/19/2005 9:03:40 AM 4870 C:\WINDOWS\suxddd.dat () WSUD 5/25/2005 12:07:04 AM 4866 C:\WINDOWS\eyufxf.dat () WSUD 5/8/2005 4:39:02 PM 4866 C:\WINDOWS\jdeme.txt () UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe () aspack 3/25/2003 6:24:56 PM 311840 C:\WINDOWS\eFaxView.exe (eFax.com) Checking %System% folder... WSUD 5/18/2005 12:08:24 AM 4870 C:\WINDOWS\SYSTEM32\bxytq.log () WSUD 6/8/2005 11:54:12 AM 9237 C:\WINDOWS\SYSTEM32\awpmc.txt () PEC2 8/23/2001 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc () WSUD 8/23/2001 12:00:00 PM 1135616 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation) WSUD 8/23/2001 12:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) Umonitor 8/23/2001 12:00:00 PM 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation) winsync 8/23/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu () PTech 8/7/2006 9:50:22 AM 1484592 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation) Checking %System%\Drivers folder and sub-folders... UPX! 10/4/2006 8:03:54 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.) FSG! 10/4/2006 8:03:54 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.) PEC2 10/4/2006 8:03:54 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.) aspack 10/4/2006 8:03:54 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.) Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 10/7/2006 8:50:08 AM S 2048 C:\WINDOWS\bootstat.dat () 10/7/2006 8:49:16 AM H 790528 C:\WINDOWS\SYSTEM32\config\system.LOG () 10/7/2006 8:49:16 AM H 90112 C:\WINDOWS\SYSTEM32\config\software.LOG () 10/7/2006 8:49:16 AM H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG () 10/7/2006 8:50:26 AM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG () 10/7/2006 8:50:10 AM H 12288 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG () 9/13/2006 10:22:00 PM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG () 9/2/2006 8:49:06 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\f1e15f49-651a-40d0-bb6a-c02327f96c79 () 9/2/2006 8:49:06 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred () 8/29/2006 10:14:10 PM HS 30208 C:\WINDOWS\All Users\DRM\drmv2.sst () 10/7/2006 8:48:56 AM H 6 C:\WINDOWS\Tasks\SA.DAT () Checking for CPL files... 8/24/2000 3:46:38 PM R 266240 C:\WINDOWS\SYSTEM32\Adobe Gamma.cpl (Adobe Systems, Inc.) 7/11/1997 22528 C:\WINDOWS\SYSTEM32\FINDFAST.CPL () 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation) 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.) 9/29/2003 9:46:42 AM 65536 C:\WINDOWS\SYSTEM32\bpcpl.cpl (Micro Solutions, Inc.) 8/23/2001 12:00:00 PM 130048 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 65536 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 294912 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 119808 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation) 8/23/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation) 8/23/2001 5:00:00 AM 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 294912 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation) 8/23/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation) 8/23/2001 12:00:00 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation) Checking for Downloaded Program Files... {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - - CodeBase = http://nexpoly.co.kr/controls/nixplay25.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab DirectAnimation Java Classes - - CodeBase = file://c:\windows\SYSTEM\dajava.cab Internet Explorer Classes for Java - - CodeBase = file://c:\windows\SYSTEM\iejava.cab Microsoft XML Parser for Java - - CodeBase = file://c:\windows\Java\classes\xmldso.cab »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 4/4/2004 11:49:28 AM 511 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk () 10/21/2004 11:13:22 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () Checking files in %ALLUSERSPROFILE%\Application Data folder... 10/21/2004 11:04:16 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini () Checking files in %USERPROFILE%\Startup folder... 10/21/2004 11:13:22 PM HS 84 C:\Documents and Settings\Leigh Silberg\Start Menu\Programs\Startup\desktop.ini () 6/1/2005 2:26:46 PM 554 C:\Documents and Settings\Leigh Silberg\Start Menu\Programs\Startup\SpywareGuard.lnk () Checking files in %USERPROFILE%\Application Data folder... 10/21/2004 11:04:16 PM HS 62 C:\Documents and Settings\Leigh Silberg\Application Data\desktop.ini () 12/28/2003 3:04:08 PM 0 C:\Documents and Settings\Leigh Silberg\Application Data\dm.ini () 10/3/2004 12:33:04 PM 4862 C:\Documents and Settings\Leigh Silberg\Application Data\dw.log () 1/11/2005 2:26:00 PM 60192 C:\Documents and Settings\Leigh Silberg\Application Data\GDIPFONTCACHEV1.DAT () »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» >>> Internet Explorer Settings <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - about:blank \\Search Bar - \\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch \\Default_Search_URL - \\Local Page - C:\windows\system32\blank.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://www.yahoo.com/ \\Search Page - \\Local Page - C:\windows\system32\blank.htm [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] >>> BHO's <<< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (Adobe Systems Incorporated) \{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll () \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) >>> Internet Explorer Bars, Toolbars and Extensions <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] \{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = C:\WINDOWS\SYSTEM32\BROWSEUI.DLL (Microsoft Corporation) \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] \\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx () \\{ACB1E670-3217-45C4-A021-6B829A8A27CB} - McAfee VirusScan = C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = () \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping] \\NEXTID - 8198 \\{724d43aa-0d85-11d4-9908-00400523e39a} - 8193 = \\{320AF880-6646-11D3-ABEE-C5DBF3571F46} - 8194 = \\{320AF880-6646-11D3-ABEE-C5DBF3571F49} - 8195 = \\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - 8196 = Share in H&ello \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 = Sun Java Console [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID) \{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - ButtonText: Share in Hello = >>> Approved Shell Extensions (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = () \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = () \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = () \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.) \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = () \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = () \\{5E44E225-A408-11CF-B581-008029601108} - Adaptec Directcd Shell Extension = C:\Program Files\Adaptec\DirectCD\shellex.dll (Adaptec) \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\NVIDIA\Win9x\40.72\NvCpl.dll (NVIDIA Corporation) \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = () \\{043308A2-3CF7-4ED5-A668-2B4FB0BD307A} - dBpowerAMP dAP Scripting = () \\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Popup Info = () \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL (RealNetworks, Inc.) \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard = C:\Program Files\SpywareGuard\spywareguard.dll () \\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) \\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] >>> Context Menu Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers] \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) \WinZip - {E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\wzshlext.dll () \{97F51F2B-E87A-4349-84B1-2D91CB2C0C1B} - = C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.) [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers] \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) \WinZip - {E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\wzshlext.dll () [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers] \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\NVIDIA\Win9x\40.72\NvCpl.dll (NVIDIA Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers] \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) \WinZip - {E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\wzshlext.dll () \{97F51F2B-E87A-4349-84B1-2D91CB2C0C1B} - = C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.) >>> Column Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] >>> Registry Run Keys <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] SystemTray - C:\WINDOWS\SYSTEM32\SysTray.Exe (Microsoft Corporation) iexplore.exe - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.) !AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PopUpStopperFreeEdition - C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe (Panicware, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] >>> Startup Links <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup] C:\Documents and Settings\Leigh Silberg\Start Menu\Programs\Startup\desktop.ini () C:\Documents and Settings\Leigh Silberg\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe () >>> MSConfig Disabled Items <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 0 [All Users Startup Folder Disabled Items] [Current User Startup Folder Disabled Items] >>> User Agent Post Platform <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] >>> AppInit Dll's <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] C:\WINDOWS\System32\win_a3.dll = () >>> Image File Execution Options <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] \Your Image File Name Here without a path - Debugger = ntsd -d >>> Shell Service Object Delay Load <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation) \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation) >>> Shell Execute Hooks <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation) \\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Eudora's Shell Extension = C:\PROGRAM FILES\QUALCOMM\EUDORA\EUSHLEXT.DLL (Qualcomm Inc.) \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = C:\Program Files\SpywareGuard\spywareguard.dll () \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) >>> Shared Task Scheduler <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) >>> Winlogon <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] \\UserInit = C:\WINDOWS\system32\userinit.exe, \\Shell = Explorer.exe \\System = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] \crypt32chain - crypt32.dll = (Microsoft Corporation) \cryptnet - cryptnet.dll = (Microsoft Corporation) \cscdll - cscdll.dll = (Microsoft Corporation) \ScCertProp - wlnotify.dll = (Microsoft Corporation) \Schedule - wlnotify.dll = (Microsoft Corporation) \sclgntfy - sclgntfy.dll = (Microsoft Corporation) \SensLogn - WlNotify.dll = (Microsoft Corporation) \termsrv - wlnotify.dll = (Microsoft Corporation) \wlballoon - wlnotify.dll = (Microsoft Corporation) >>> DNS Name Servers <<< {C3425298-1772-4BC1-85FD-A11D16AECC2E} - (VIA PCI 10/100Mb Fast Ethernet Adapter) >>> All Winsock2 Catalogs <<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries] \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation) \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries] \000000000001\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000002\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000003\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000004\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000005\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000006\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000007\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000008\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000009\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000010\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000011\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000015\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000016\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000023\\PackedCatalogItem - CC:\WINDOWS\system32\CSLSP.DLL () >>> Protocol Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] \ipp - () \msdaipp - () \vnd.ms.radio - C:\WINDOWS\System32\msdxm.ocx () >>> Protocol Filters (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] >>> Selected AddOn's <<< »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
  10. I have tried to run this program about 5 times now. Each time I run the program as you specified, my PC reboots itself. Is this a common occurence with this program? I don't know if something is wrong with my PC or is the the GMER program itself that is having the problem. Please advise. Thank you.
  11. I did not see anything regarding this instruction "leave [X]scan through Windows Explorer checked". So, I just clicked >scan then>next. I also did not get any rename option. 10/06/06 17:40:29 [info]: BlackLight Engine 1.0.47 initialized 10/06/06 17:40:29 [info]: OS: 5.1 build 2600 () 10/06/06 17:40:29 [Note]: 7019 4 10/06/06 17:40:29 [Note]: 7005 0 10/06/06 17:40:51 [Note]: 7006 0 10/06/06 17:40:51 [Note]: 7011 448 10/06/06 17:40:52 [Note]: 7026 0 10/06/06 17:40:52 [Note]: 7026 0 10/06/06 17:41:01 [Note]: FSRAW library version 1.7.1020 10/06/06 17:41:37 [Note]: 7007 0
  12. Logfile of HijackThis v1.99.1 Scan saved at 1:35:02 PM, on 10/6/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  13. I copy/paste the "C:\WINDOWS\System32\win_a3.dll" into the box and clicked submit. It seemed to have worked. I got a screen with the following message after I hit the send file button "Your file (win_a3.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file". Thank you.
  14. When I attempted to browse and locate the file "C:\WINDOWS\System32\win_a3.dll", it is not there. I even ran HiJack again just to make sure it was still there and it is in the Hijack Logfile like I sent you. I ran a search on my computer and it does not find it either. I even went to the folder options on My Computer and checked all appropriate boxes and radio buttons to "show" all hidden files. I still had no success in locating it on my computer, even though it is showing up on the Hijack Logfile. Please advise. Thank you.
  15. Logfile of HijackThis v1.99.1 Scan saved at 8:32:49 AM, on 10/6/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A22FCC59-1921-45B8-AA99-CD01D1A01DA9} - http://nexpoly.co.kr/controls/nixplay25.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\win_a3.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe