CsrLiz344

Members
  • Content Count

    114

Everything posted by CsrLiz344

  1. I might agree on the dirty part, it's not letting me do anything-as soon as I insert the disk I get the error, don't get far enough to format. (Guess it's time for early spring cleaning of the pc) Thanks!
  2. Every time I try to use my floppy drive, I get this message: A:\ is not accessible. No ID address mark was found on the floppy disk. Anybody have a clue? (I sure don't).
  3. Maybe you could take her to their home page and let her read it for herself. If that doesn't work, let her go ahead and sue. It's gonna cost her money to have someone get into her PC to see what's loaded, and when they find nothing, you will be vindicated.
  4. As of yesterday, in NE Ohio, it's 1.99. Seems like the good old days.........
  5. Sidekick is right, there is only 1 place where you will find the peace you so desperately need. God promises us that He will give us love, peace, and a sound mind. I don't know how He does it, when our worlds are falling apart around us, but He does. All we need to do is trust in Him, and we find everything we need. I will be praying for the family, and the 7 children, it's a horrible thing to go through. Accept my condolences, God bless.
  6. I'm excited Call for Help is comin back!! I wonder if it will be as good, seeing as it's on that "other network"...............
  7. Well, I got it to open one way, and that was by allowing all Java on every site. But, if there's another way to do it, it would be better.
  8. Yes, it is, and the real whacky thing is, my hubby can get it to open on his screen (XP). What would be the diff?
  9. I d/l'd Firefox as njustice suggested, but now I have a problem. When I try to go to my homepage (sbc yahoo dsl), I am not able to open the page. I get a red S on the left side, right above the page, that says Java is disabled. But, I have it enabled under Options. This is the message I get in the Javascript Console: Warning: The stylesheet http://dsl.sbc.yahoo.com/ was loaded as CSS even though its MIME type, "text/html", is not "text/css". I don't know what that means, but I can't access my homepage, which means I can't access my email, as I don't use OE. Help (again).......... P.S. Ok, the exact thing I get is a big red S with a circle that says after it Javascript currently forbidden, then in parenthesis it says (21 <script>)
  10. Thank you for all your help and time. You have been wonderful.
  11. That kinda makes me chuckle-if you had said clean up your temp files, I woulda known what you meant. All that fancy tech language had me confused lol Anyway, comp is running good, no dialer, no (so far) found new hardware comin up. I've got some fancy new programs if I ever need them again Thanks again. Anything else we need to do??
  12. BTW, here's the last HijackFree scan results: Analysis generated on 7/19/2005 1:54:38 AM
  13. Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

       • C:\Windows\Temp\
       • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
       • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
       • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
       • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
       • Empty your "Recycle Bin"

     Can you explain that? I admit to being a little computer savvy, but that escapes me Thanks!
  14. Ok, these are the results, I don't understand them, hopefully you can figure it out. I also d/l'd the other software, after the scan, this is the web addy to check the results http://www.hijackfree.com/analyze/?id=a3ac...21-f1303aa2d81e
  15. I got the Panda done, it found a bunch of spyware, will do the other in the morning. Do you want the names of them, I saved the report.
  16. Service load: 0% 100% File: pcconfig.dat Status: OK MD5 51ca4ba7556c2a4bb0e981da7bc8b907 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing Service load: 0% 100% File: uccspecb.sys Status: OK MD5 0bd3364b4dd4cea7c2c7426598491a12 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing
  17. Ok, Skyes' account has been deleted, so we now have 3 to work with. All her files were deleted also. mine
= C:\WINDOWS\System32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\install.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\PMSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon UserInit C:\WINDOWS\system32\userinit.exe, Shell Explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs wbsys.dll »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.0.0.8 - Log file written to "WinPFind.Txt" in the WinPFind folder. Rick WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running. »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... UPX! C:\log.txt PEC2 C:\log.txt PEC2 C:\win.txt UPX! C:\windows.txt Checking %ProgramFilesDir% folder... Checking %WinDir% folder... PECompact2 C:\WINDOWS\lpt$vpn.731 qoologic C:\WINDOWS\lpt$vpn.731 SAHAgent C:\WINDOWS\lpt$vpn.731 abetterinternet.com C:\WINDOWS\ojojo.dll web-nex C:\WINDOWS\ojojo.dll UPX! C:\WINDOWS\RMAgentOutput.dll UPX! C:\WINDOWS\tsc.exe PECompact2 C:\WINDOWS\VPTNFILE.731 qoologic C:\WINDOWS\VPTNFILE.731 SAHAgent C:\WINDOWS\VPTNFILE.731 UPX! C:\WINDOWS\vsapi32.dll aspack C:\WINDOWS\vsapi32.dll Checking %System% folder... PEC2 C:\WINDOWS\system32\dfrg.msc UPX! 
C:\WINDOWS\system32\locate.com PECompact2 C:\WINDOWS\system32\MRT.exe aspack C:\WINDOWS\system32\MRT.exe aspack C:\WINDOWS\system32\ntdll.dll PEC2 C:\WINDOWS\system32\oembios.bin Umonitor C:\WINDOWS\system32\rasdlg.dll Checking %System%\Drivers folder and sub-folders... UPX! C:\WINDOWS\system32\drivers\avg7core.sys FSG! C:\WINDOWS\system32\drivers\avg7core.sys aspack C:\WINDOWS\system32\drivers\avg7core.sys PTech C:\WINDOWS\system32\drivers\mtlstrm.sys Checking the Windows folder for system and hidden files within the last 60 days... 6/18/2005 C:\WINDOWS\pcconfig.dat 7/13/2005 C:\WINDOWS\uccspecb.sys 7/13/2005 C:\WINDOWS\WindowsShellOld.Manifest 6/22/2005 C:\WINDOWS\inf\oem26.inf 5/28/2005 C:\WINDOWS\Minidump\Mini052805-01.dmp 6/1/2005 C:\WINDOWS\Minidump\Mini060105-01.dmp 6/17/2005 C:\WINDOWS\system32\AuxDrv32b_g.oxc 7/17/2005 C:\WINDOWS\system32\vsconfig.xml 5/28/2005 C:\WINDOWS\system32\zllictbl.dat 7/17/2005 C:\WINDOWS\system32\config\default.LOG 7/17/2005 C:\WINDOWS\system32\config\SAM.LOG 7/17/2005 C:\WINDOWS\system32\config\SECURITY.LOG 7/17/2005 C:\WINDOWS\system32\config\software.LOG 7/17/2005 C:\WINDOWS\system32\config\system.LOG 7/13/2005 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2e7a6763-87c2-428c-a82b-f5fa0d94af0b 7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 7/17/2005 C:\WINDOWS\Tasks\SA.DAT »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»» Checking %ALLUSERSPROFILE%\Startup folder... Checking %ALLUSERSPROFILE%\Application Data folder... Checking %USERPROFILE%\Startup folder... Checking %USERPROFILE%\Application Data folder... 
»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»» *\shellex\ContextMenuHandlers *\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll *\shellex\ContextMenuHandlers\nfnfnsxg {c5583504-9ba4-4eda-bb2d-5f62737ad84d} = *\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll *\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll *\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll *\shellex\ContextMenuHandlers\Yahoo! Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll *\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = SOFTWARE\Classes\Folder\shellex\ColumnHandlers SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe" AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe YBrowser C:\Program Files\Yahoo!\browser\ybrwicon.exe SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe 
RegistryMechanic HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DW4 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient = C:\Program Files\Common Files\Stardock\mcpstub.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\0aMCPClient {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = 
C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon UserInit C:\WINDOWS\system32\userinit.exe, Shell Explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs wbsys.dll »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.0.0.8 - Log file written to "WinPFind.Txt" in the WinPFind folder. Jade WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running. 
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... UPX! C:\log.txt PEC2 C:\log.txt PEC2 C:\win.txt UPX! C:\windows.txt Checking %ProgramFilesDir% folder... Checking %WinDir% folder... PECompact2 C:\WINDOWS\lpt$vpn.731 qoologic C:\WINDOWS\lpt$vpn.731 SAHAgent C:\WINDOWS\lpt$vpn.731 abetterinternet.com C:\WINDOWS\ojojo.dll web-nex C:\WINDOWS\ojojo.dll UPX! C:\WINDOWS\RMAgentOutput.dll UPX! C:\WINDOWS\tsc.exe PECompact2 C:\WINDOWS\VPTNFILE.731 qoologic C:\WINDOWS\VPTNFILE.731 SAHAgent C:\WINDOWS\VPTNFILE.731 UPX! C:\WINDOWS\vsapi32.dll aspack C:\WINDOWS\vsapi32.dll Checking %System% folder... PEC2 C:\WINDOWS\system32\dfrg.msc UPX! C:\WINDOWS\system32\locate.com PECompact2 C:\WINDOWS\system32\MRT.exe aspack C:\WINDOWS\system32\MRT.exe aspack C:\WINDOWS\system32\ntdll.dll PEC2 C:\WINDOWS\system32\oembios.bin Umonitor C:\WINDOWS\system32\rasdlg.dll Checking %System%\Drivers folder and sub-folders... UPX! C:\WINDOWS\system32\drivers\avg7core.sys FSG! C:\WINDOWS\system32\drivers\avg7core.sys aspack C:\WINDOWS\system32\drivers\avg7core.sys PTech C:\WINDOWS\system32\drivers\mtlstrm.sys Checking the Windows folder for system and hidden files within the last 60 days... 
6/18/2005 C:\WINDOWS\pcconfig.dat 7/13/2005 C:\WINDOWS\uccspecb.sys 7/13/2005 C:\WINDOWS\WindowsShellOld.Manifest 6/22/2005 C:\WINDOWS\inf\oem26.inf 5/28/2005 C:\WINDOWS\Minidump\Mini052805-01.dmp 6/1/2005 C:\WINDOWS\Minidump\Mini060105-01.dmp 6/17/2005 C:\WINDOWS\system32\AuxDrv32b_g.oxc 7/16/2005 C:\WINDOWS\system32\vsconfig.xml 5/28/2005 C:\WINDOWS\system32\zllictbl.dat 7/16/2005 C:\WINDOWS\system32\config\default.LOG 7/16/2005 C:\WINDOWS\system32\config\SAM.LOG 7/16/2005 C:\WINDOWS\system32\config\SECURITY.LOG 7/16/2005 C:\WINDOWS\system32\config\software.LOG 7/16/2005 C:\WINDOWS\system32\config\system.LOG 7/13/2005 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2e7a6763-87c2-428c-a82b-f5fa0d94af0b 7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 7/16/2005 C:\WINDOWS\Tasks\SA.DAT 7/6/2005 C:\WINDOWS\temp\History\History.IE5\desktop.ini 7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini 7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\9JGKA28P\desktop.ini 7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\H1WQ1U85\desktop.ini 7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\OTIR0D2B\desktop.ini 7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\XBU7GHEZ\desktop.ini »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»» Checking %ALLUSERSPROFILE%\Startup folder... Checking %ALLUSERSPROFILE%\Application Data folder... Checking %USERPROFILE%\Startup folder... Checking %USERPROFILE%\Application Data folder... 
I haven't gotten the "new hardware" message the last couple times I was logging on and off the different accounts. Next time I do, I will let you know what they say. Thanks!!
  18. ok, here ya go:
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE Also, I wanted to ask you, actually hubby did, we always have 2 'new hardware found' boxes come up when we all log on. One is CLID, or similiar, and the other is MSTREAM. How do you get rid of those? Not that they hurt anything, just a pain.
  19. Okie dokie, here ya go:
      C:\Documents and Settings\Liz\Desktop\rkfiles
      PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
      Files Found in system Folder............
      ------------------------
      C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
      C:\WINDOWS\system32\oembios.bin: peC2"y)Q
      Files Found in all users startup Folder............
      ------------------------
      Files Found in all users windows Folder............
      ------------------------
      C:\WINDOWS\imgurla.exe: UPX!
      C:\WINDOWS\RMAgentOutput.dll: UPX!
      C:\WINDOWS\tsc.exe: UPX!
      C:\WINDOWS\vsapi32.dll: UPX!t4
      Finished bye
  20. Did the rkfiles thing, copied the log, hit paste, and when I got back here, there's nothing there. There wasn't a whole lot on it, I can do it again and write it down if you need it. We are all admins, and I rebooted into his screen and that dialer didn't come up (woohoo)!!!!! As far as how the comp is running, it's fine. Seems faster now than it was (DSL), maybe cause all that crap is gone. The one thing I noticed, and I think I mentioned it earlier, is my system restore is whacked. I don't plan on restoring it, but the only date available is yesterday's. Nothing else is bold, and I can't switch months.
  21. Ok, did all that. My original problem, which is on the support forum, is still there! UGH! It's the XXX Dialer on hubby's screen. I ran HJT on that one, and didn't see anything different than mine. The red app for Yahoo is still on his, but that's about it. ::sigh:: Decided to d/l a 30 day trial of PC_Cillin while I was waiting for the trend scan, but it kept making my computer reboot by itself. Needless to say, it's gone. Anyway, here's the latest log. And, BTW, I appreciate everybody's help, you guys rock!
  22. Fix Log
      HJT Log
Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab? O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - 
GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  23. Ok. here it is. I also noticed my system restore isn't working, and now my computer is real "jerky". If I try to play hearts, it looks like the cards are skipping, and that applies to everything I do. The system restore is turned back on, but there is no date in bold except today, I can't go back to June either. Grrr-this thing is aggravating me!! L2MFIX find log 1.03