bluzdude

Members
  • Content Count

    35
About bluzdude

  • Rank
    Full Member
  1. Deleted previous partial startuplist.txt file (post 10). See post 13 for zipped file.
  2. OK, I attached the zipped file of startuplist.txt. Hope I did it right. Ray startuplist.zip
  3. Danny, This list is huge! Is there an easy way to get the whole thing to post? Ray
  4. Hi Danny, here is the RootKitRevealer.txt file. Note: the last entry in the file is timestamped with the date and time I started having problems. Ray
  5. Hi Danny, Thanks for getting back with me. I did as you said and ran both programs. Below are the results of both scans: WinPFind scan: Track goo scan: Thanks again for the help. Ray
  6. Well, guess I've got worse problems than you thought. After installing Ewido and following your instructions I got to the point of clicking "Complete system scan" and when I clicked it Ewido just disappeared. Nothing happened at all. Tried it several times, same thing, it just goes away. That's the same thing that happens to Yahoo Messenger and Cleanup, they just go away. I think I may have inadvertently deleted a system file or 2 during my attempts to get control of my computer yesterday. What now?
  7. My computer became infected with viruses and after trying to fix it myself using Ad-aware, Spybot SD, HJT, etc. I think I'm still infected and now some of my applications won't run anymore, such as, SpybotSD, Yahoo Messenger, Cleanup, etc. Here is my latest HJT log:
O4 - Global Startup: Acrobat Assistant.lnk.disabled O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\Internet Call Notification\CallWaiting.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  8. Hi BT, I did as you asked, HJT did not detect "drexinit" after the Killbox delete sequence so, I assume it's gone for good. Rebooted and ran HJT again. Here's the latest log: Logfile of HijackThis v1.99.1 Scan saved at 2:22:32 PM, on 4/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\SYSTEM32\3cshtdwn.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe C:\WINDOWS\FSScrCtl.exe C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe C:\Program Files\U.S. 
Robotics\Internet Call Notification\CallWaiting.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.earthlink.net/~rbaker529/id2.html O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: BJ Status Monitor Canon i560.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk.disabled O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe O4 - Global Startup: Instant Update Reminder.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\Internet Call Notification\CallWaiting.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AIM - 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112893923640 O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_0/controls/ybrequest.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_0/controls/YBUICtrl.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Ray (bluzdude)
  9. Here's the HSFIX log: Horseserver Removal Tool v1.05 by Atri - - 1. Registry Fix Started - Registry fix complete - 2. Deleted Services - WINLOW [sC] DeleteService SUCCESS vdmt16 [sC] DeleteService SUCCESS - 3. Finding files Located on system - klogini.dll p2.ini ps.a3d vdmt16.sys winlow.sys drct16.dll mszx23.exe cz.dll w32tm.exe - 4. Deleting files that were found. - unable to remove drct16.dll unable to remove mszx23.exe - 5. Checking for and Removing Winupdate - - -
  10. Here's the latest HJT log. The "HSFIX" log will follow: Logfile of HijackThis v1.99.1 Scan saved at 4:43:11 AM, on 4/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\SYSTEM32\3cshtdwn.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe C:\WINDOWS\FSScrCtl.exe C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe C:\Program Files\U.S. 
Robotics\Internet Call Notification\CallWaiting.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.earthlink.net/~rbaker529/id2.html O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: BJ Status Monitor Canon i560.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk.disabled O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe O4 - Global Startup: Instant Update Reminder.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\Internet Call Notification\CallWaiting.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AIM - 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112893923640 O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_0/controls/ybrequest.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_0/controls/YBUICtrl.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  11. Man, my desktop is giving me fits. It keeps blanking out; also, when I'm trying to use Windows Explorer, it will disappear frequently and I have to start the navigation all over from scratch. The "keep.exe" file was not in the temp folder. The "drct16.dll" file was not in the system32 folder. The "\svschost.exe" file was not in the "3ecec789-....." folder, only the .dll file was there, so I deleted the "3ecec789-..." folder completely. How do I send you the c:\WINDOWS\drexinit.dll file? It won't open so I can't copy and paste the contents (?) Do I just right click the file in Explorer and copy, then paste the clipboard here? Here's the HJT log after fixing the things you said to (except those listed above, of course, as they couldn't be located): Logfile of HijackThis v1.99.1 Scan saved at 4:18:59 PM, on 4/8/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\SYSTEM32\3cshtdwn.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe C:\WINDOWS\FSScrCtl.exe C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe C:\Program Files\U.S. 
Robotics\Internet Call Notification\CallWaiting.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\HiJackThis\HijackThis.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\imapi.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: BJ Status Monitor Canon i560.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk.disabled O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe O4 - Global Startup: Instant Update Reminder.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\Internet Call Notification\CallWaiting.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AIM - 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112893923640 O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_0/controls/ybrequest.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_0/controls/YBUICtrl.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  12. OK, I'm back using the Firefox browser. IE still won't let me access this forum, and I will proceed with your instructions.
  13. Hi dk, I'm having IE probs accessing this forum and am working with Jeff and Pierce in the chat to resolve that issue first. I am using Firefox to post this; can't get here with IE at all.
  14. Ok, I finally got Panda's scan to run and it disinfected all of the viruses, I think. I have run another HJT scan and here are the results, the "nowfind.biz" stuff is still there as Panda didn't fix any spyware/adware bugs. My computer is acting quite a bit better now but I still have a desktop that flashes on and off frequently, and my homepage is still hijacked. IE is working much better than before Panda's scan, at least I can access the internet without it freezing up on me now. I have the Panda log if you need it. Here's the HJT log:

      Logfile of HijackThis v1.99.1
      Scan saved at 1:10:21 AM, on 4/8/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      C:\WINDOWS\SYSTEM32\3cmlink.exe
      C:\WINDOWS\SYSTEM32\3cshtdwn.exe
      C:\WINDOWS\SYSTEM32\3cmlink.exe
      C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
      C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
      C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
      C:\WINDOWS\FSScrCtl.exe
      C:\Program Files\InterMute\SpySubtract\SpySub.exe
      C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
      C:\Program Files\U.S. Robotics\Internet Call Notification\CallWaiting.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm58.exe
      C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
      C:\WINDOWS\System32\imapi.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\HiJackThis\HijackThis.exe
      C:\WINDOWS\explorer.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/clickpps.php
      R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/clickpps.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/clickpps.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/clickpps.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/clickpps.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/clickpps.php
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\Pnel.dll
      O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
      O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
      O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\RAYBAK~1.RAY\LOCALS~1\Temp\keep.exe
      O4 - HKLM\..\Run: [service Host] C:\WINDOWS\System32\Services\{3ECEC789-3315-4897-85C0-4945D264998A}\SVCHOST.EXE
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
      O4 - Startup: BJ Status Monitor Canon i560.lnk = ?
      O4 - Global Startup: Acrobat Assistant.lnk.disabled
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
      O4 - Global Startup: Instant Update Reminder.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
      O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
      O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
      O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
      O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\Internet Call Notification\CallWaiting.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
      O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112893923640
      O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_5_0/controls/ybrequest.cab
      O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
      O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_5_0/controls/YBUICtrl.cab
      O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe